Integrated information communication system

ABSTRACT

To provide an integrated information communication system without using dedicated lines or the Internet, ensuring communication speed, communication quality, communication trouble countermeasures in a unified manner, wherein security and reliability in communication is ensured. The system is comprised of an access control apparatus for connecting a plurality of computer communication networks or information communication equipment to each, and a relay device for networking the aforementioned access control apparatus, the system having functions for performing routing by transferring information by a unified address system, and is configured such that the aforementioned plurality of computer communication networks or information communication equipment can perform communications in an interactive manner.

This application is a divisional of U.S. application Ser. No.11/700,107, filed Jan. 31, 2007, which is a divisional of U.S.application Ser. No. 10/392,979, filed Mar. 21, 2003, now U.S. Pat. No.7,266,115, which is a divisional of U.S. application Ser. No.09/165,212, filed Oct. 2, 1998, now U.S. Pat. No. 6,618,366.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an integrated information communicationsystem connecting information communication equipments or informationcommunication systems such as personal computers, LANs (Local AreaNetworks), telephones (including cellular phones), FAXes (Facsimile),CATVs (Cable Television), Internet and the like, not only via dedicatedlines, but also via ISDN (Integrated Services Digital Network), FR(Frame Relay), ATM (Asynchronous Transfer Mode), IPX (Integrated PacketExchange), satellite, wireless and public lines. Integrated informationcommunication equipments perform communication provided with an address(for information communication) for distinguishing the integratedinformation communication equipment from other equipment. Particularly,the present invention relates to an integrated information communicationsystem which integrates data transfer services based on connection-lessnetworks (e.g., RFC791 or RFC1883 IP (Internet Protocol) technology) andimproves the overall economics of the information communication systemby employing a unified address system, and ensuring security to realizeinteractive communications between connected terminals or systems.

2. Description of the Prior Art

In accordance with computer and information communication technology,computer communication networks have in recent years come to be widelyused in universities, research institutes, government organizations, andintra-corporation/inter-corporation situations. LANs are used forintra-corporation communication networks, and in the event that thegeographic locale is on a national basis, the form thereof becomes suchas shown in FIG. 1. In the example described in FIG. 1, each local LANuses a common protocol, with each being connected by dedicated lines.Here, e.g., a corporation X has LAN-X1, LAN-X2 and LAN-X3 as LANs, acorporation Y has LAN-Y1, LAN-Y2 and LAN-Y3 as LANs, and bothcorporations X and Y use communication address systems ADX and ADY forperforming computer communications. Since it is necessary to lay aseparate dedicated line for each corporation with such a LAN network,system architecture becomes costly, and in the event that connection isto be made to a LAN network of another corporation, interfacing must bematched such as the communication address system, makinginter-connection very difficult and very costly.

On the other hand, the Internet has recently become widespread as aglobal-scale computer communication network. On the Internet, networksare connected using a router of a provider, a communication protocolcalled TCP/IP (Transmission Control Protocol/Intrnet Protocol) isemployed, dedicated lines or FR networks are used for connecting remoteareas, and Ethernets which are 10 Mbps LANs or FDDIs (Fiber DistributedData Interface) which are 10 Mbps LANs are used as communication pathswithin structures. FIG. 2 shows an example of an Internet connection, inwhich the routers in the providers maintain mutual connection byexchanging routing table connection information. Each router isconnected to a plurality of networks, and judgment is made based on therouting table regarding to which router connected to which provider'snetwork received data should go next. Thus, on the Internet, the IPaddress attached to each IP packet (IP datagram) is checked, judgment ismade to which router the IP packet should be sent, and that IP packet issent accordingly. Thus, IP packets are transferred one after another anddelivered to the destination computer, by means of all routersperforming the above-described operation.

FIG. 3 illustrates the information contents of an RFC791 IP packet usedby the Internet, divided into a control field and a data field. FIG. 4illustrates the information contents of a similar RFC1883, divided intoa control field and a data field. In either figure, the parentheses ( )indicate the number of bits.

However, with the Internet, the path control is restricted by IP, sothat one cannot tell whether the other party with which communication isbeing made is the authorized party, and the system is such that thecommunication path is not administrated in an integrated manner, meaningthat there are problems regarding security in that information may beeavesdropped. Also, in reality, addresses within the LANs are beingseparately decided by the LAN users, so there is the necessity toreplace the LAN user addresses when connecting the LAN to the Internet.Also, communication quality such as communication speed andcommunication error rate for the trunk lines making up the Internetcommunication path differ from one line to another for each LAN, and arepractically non-uniform. Also, there are problems such as an attempt tosend a 10 Mbps TV signal for video-conferencing not achieving thedesired communication speed. Further, there is no administrator forperforming maintenance of the network such as in the case of failure, orfor integrating the overall network for future planning for the networkand so forth. Also, with LAN networks and the Internet, the terminalsare personal computers (computers), and it has been difficult to usetelephones, FAX and CATV in an integrated manner therein.

SUMMARY OF THE INVENTION

The present embodiment has been made in accordance with theabove-described situations, and it is an object of the present inventionto provide an integrated information communication system capable ofcontaining a plurality of VANs (Value Added Networks) which perform IPpacket transfer of which security and reliability in communications hasbeen ensured, by means of not using dedicated lines or the Internet soas to improve economic considerations of the information communicationsystem architecture, and ensuring communication speed, communicationquality and communication trouble countermeasure in a unified manner.Also, it is another object of the present invention to provide anintegrated information communication system which uses a singleinformation transfer which is not dependent on the type of service, suchas sound, image (motion and still), text, etc., so as to inter-connectservices which have conventionally been provided separately, such astotal communication services, analog/digital telephone line services,Internet provider services, FAX services, computer data exchangeservices, CATV services and so forth. Further, it is another object ofthe present invention to provide an integrated information communicationsystem which enables inter-corporation communication with very littlechange to the computer communication address systems which have beenindependently and separately created within each separate corporation(including universities, research institutes, government organizations,etc.).

The present invention relates to an integrated information communicationsystem, and the above objects of the present invention are realized asfollows: the present invention is configured by providing an accesscontrol apparatus for connecting a plurality of computer communicationnetworks or information communication equipment to each other, and arelay device for networking the aforementioned access control apparatus,the system having functions for performing routing by transferringinformation by a unified address system, and is configured such that theaforementioned plurality of computer communication networks orinformation communication equipments can perform communications in aninteractive manner. In FIG. 1 which is given as an example of aconventional arrangement, the range of dedicated lines used forintra-corporation and inter-corporation communications is indicated bysolid lines, and this is replaced with the equivalent of a computercommunications network according to IP as a common communication networkindicated by broken lines.

The above-described objects of the present invention are achieved by anICS (Information Communication System) user packet having a unique ICSuser address system ADX being converted into an ICS network packethaving an address system ADS, based on the administration of aconversion table provided within an access control apparatus, and bybeing arranged such that in the case that transmission is made over atleast one VAN contained therein following rules of the aforementionedaddress system ADS, and the destination other access control apparatusis reached, conversion is made to the aforementioned ICS user addresssystem ADX based on the administration of the aforementioned conversiontable, and another external information communication apparatus isreached. Also, the above-described objects of the present invention areachieved by an ICS user packet having a unique ICS user address systemADX being converted into an ICS network packet corresponding with areception ICS network address registered beforehand to the conversiontable in accordance with a user logic communication line, rather thanusing an ICS user address within the aforementioned ICS user packetbased on the administration of a conversion table provided within theaccess control apparatus, and by being arranged such that in the casethat transmission of the aforementioned ICS network packet is made toanother access control apparatus via at least one VAN following rules ofthe ICS address system ADS, the transfer destination of theaforementioned ICS network packet being either 1 or N, this is returnedto the aforementioned ICS network packet based on the administration ofa conversion table provided within the aforementioned access controlapparatus, and another external information communication apparatus isreached.

BRIEF DESCRIPTION OF THE DRAWINGS

In the accompanying drawings:

FIG. 1 is a block diagram to explain a conventional LAN network;

FIG. 2 is a diagram illustrating a form of Internet;

FIG. 3 is a diagram illustrating an IP packet according to RFC791stipulation;

FIG. 4 is a diagram illustrating an IP packet according to RFC 1883stipulation;

FIG. 5 is a block diagram systematically illustrating the basicprinciple of the present invention;

FIG. 6 is a block diagram illustrating an example of a network whereinan ICS according to the present invention is constructed of a pluralityof VANs;

FIG. 7 is a block diagram illustrating an example of configuring theaccess control apparatus;

FIG. 8 is a block diagram illustrating an example of configuring therelay apparatus;

FIG. 9 is a block diagram illustrating an example of configuring theinter-VAN gateway;

FIG. 10 is a block diagram illustrating an example of configuring theICS network server;

FIG. 11 is an array diagram illustrating an example of the ICS useraddress used in the present invention;

FIG. 12 is a wiring diagram illustrating the connection relation betweenthe ICS logic terminal and user communication line;

FIG. 13 is a diagram illustrating the relation between the ICS userpacket and the ICS network packet, used in the present invention;

FIG. 14 is a portion of a constructional block drawing illustrating afirst embodiment (intra-corporation communication, inter-corporationcommunication) according to the present invention;

FIG. 15 is a portion of a constructional block drawing illustrating afirst embodiment according to the present invention;

FIG. 16 is a diagram to show an example of a conversion table;

FIG. 17 is a diagram to show an example of a temporary conversion table;

FIG. 18 is a flowchart illustrating an example of operation of theaccess control apparatus;

FIG. 19 is a flowchart illustrating an example of operation of theaccess control apparatus in inter-corporation communication;

FIG. 20 is a constructional block drawing illustrating a secondembodiment (virtual dedicated line) according to the present invention;

FIG. 21 is a diagram to show an example of the conversion table;

FIG. 22 is a flowchart illustrating an example of operation of theaccess control apparatus in virtual dedicated line connection;

FIG. 23 is a diagram to show an example of format of NSAP type ATMaddress;

FIG. 24 is a diagram to show an information unit of ATM cell type;

FIG. 25 is a diagram to explain conversion/restoring operation betweenICS network packet and CPCS packet;

FIG. 26 is a diagram to explain dissolution/assembly between CPCS frameand cell;

FIG. 27 is a portion of a constructional block showing a 3^(rd)embodiment (embodiment using ATM network) according to the presentinvention;

FIG. 28 is a portion of a constructional block showing a 3^(rd)embodiment according to the present invention;

FIG. 29 is a diagram to show an example of an ATM address conversiontable and a VC address conversion table;

FIG. 30 is a diagram to show an example of an ATM address conversiontable and a VC address conversion table;

FIG. 31 is a flowchart to show a flow of packet using SVC and PVC;

FIG. 32 is a flowchart to show a flow of packet using SVC and PVC;

FIGS. 33 and 34 are block diagrams to show 1:N communication or N:1communication using PVC;

FIGS. 35 and 36 are block diagrams to show N:N communication using PVC;

FIG. 37 is a diagram to show an example of FR frame address portion;

FIG. 38 is a diagram to show a variation between ICS network packet andFR frame;

FIG. 39 is a portion of a constructional block showing a fourthembodiment (embodiment using FR network) according to the presentinvention;

FIG. 40 is a portion of a constructional block showing a fourthembodiment according to the present invention;

FIG. 41 is a diagram to show an example of an FR address conversiontable and a DLC address conversion table;

FIG. 42 is a diagram to show an example of an FR address conversiontable and a DLC address conversion table;

FIG. 43 is a flowchart to show a flow of packet using SVC and PVC;

FIG. 44 is a flowchart to show a flow of using SVC and PVC;

FIGS. 45 and 46 are block diagrams to show 1:N communication or N:1communication using PVC;

FIGS. 47 and 48 are block diagrams to show N:N communication using PVC;

FIG. 49 is a portion of a constructional block showing a fifthembodiment(accommodation of telephone line, ISDN line, CATV line,satellite line, IPX line, cellular phone line) according to the presentinvention;

FIG. 50 is a portion of a constructional block showing a fifthembodiment according to the present invention;

FIG. 51 is a portion of a constructional block showing a fifthembodiment according to the present invention;

FIG. 52 is a portion of a constructional block showing a fifthembodiment according to the present invention;

FIG. 53 shows an example of the conversion table;

FIG. 54 is a flowchart to show an operation of a fifth embodiment;

FIG. 55 is a portion of a constructional block showing a sixthembodiment according to the present invention;

FIG. 56 is a portion of a constructional block showing a sixthembodiment according to the present invention;

FIG. 57 is a portion of a constructional block showing a sixthembodiment according to the present invention;

FIG. 58 is a diagram to show an example of description of router tablein a dial-up router;

FIG. 59 is a flowchart to show an operation of a sixth embodiment;

FIG. 60 is a constructional block showing a seventh embodiment (ICSaddress administration server) according to the present invention;

FIG. 61 is constructional block showing an eighthembodi-ment(full-duplex communication including a satellitecommunication path) according to the present invention;

FIG. 62 is a timing chart to show an example of operation of afull-duplex communication by TCP;

FIG. 63 is a timing chart to explain an eighth embodiment;

FIG. 64 is a timing chart to explain an eighth embodiment;

FIG. 65 is a timing chart to explain an eighth embodiment;

FIG. 66 is a constructional block showing a variation of an eighthembodiment;

FIG. 67 is a timing chart to show an operation of a ninthembodiment(full-duplex communication including a satellite communicationpath) according to the present invention;

FIG. 68 is a timing chart to explain a ninth embodiment;

FIG. 69 is a timing chart to explain a ninth embodiment;

FIG. 70 is a timing chart to explain a tenth embodiment;

FIG. 71 is a timing chart to explain a tenth embodiment;

FIG. 72 is a timing chart to explain an eleventh embodiment;

FIG. 73 s a constructional block showing a twelfth embodiment(full-duplex communication path) according to the present invention;

FIG. 74 is a timing chart to show an operation of a twelfth embodiment;

FIG. 75 is a constructional block to show a variation of a twelfthembodiment;

FIG. 76 is a diagram to show an example of TCP frame;

FIG. 77 is a diagram to show an example of UDP frame;

FIG. 78 is a portion of a constructional block showing a thirteenthembodiment(control of receiving priority degree) according to thepresent invention;

FIG. 79 is a portion of a constructional block showing a thirteenthembodiment according to the present invention;

FIG. 80 is a portion of a diagram to explain a thirteenth embodiment;

FIG. 81 is a portion of a diagram to explain a thirteenth embodiment;

FIG. 82 is a flowchart to show an operation to decide a degree ofpriority;

FIG. 83 is a constructional block showing a 14^(th) embodiment (controlof transmitting priority degree) according to the present invention;

FIGS. 84 and 85 are diagrams to show an example of a conversion tableused in a 14^(th) embodiment;

FIG. 86 is a flowchart to show an operation of priority decision in a14^(th) embodiment;

FIG. 87 is a constructional block showing a 15^(th) embodiment(multiplex communication) according to the present invention;

FIG. 88 is a diagram to show an example of a conversion table used in a15^(th) embodiment;

FIG. 89 is a diagram to show an example of a conversion table used in a15^(th) embodiment;

FIG. 90 is a constructional block to show a variation of a 15^(th)embodiment;

FIG. 91 is a portion of a constructional block showing a 16^(th)embodiment(operation of ICS) according to the present invention;

FIG. 92 is a portion of a constructional block showing a 16^(th)embodiment according to the present invention;

FIG. 93 is a diagram to explain a 16^(th) embodiment;

FIG. 94 is a diagram to explain a 16^(th) embodiment;

FIG. 95 is a diagram to explain a 16^(th) embodiment;

FIG. 96 is a diagram to explain a 16^(th) embodiment;

FIG. 97 is a diagram to explain a 16^(th) embodiment;

FIG. 98 is a diagram to explain a 16^(th) embodiment;

FIG. 99 is a diagram to explain a 16^(th) embodiment;

FIG. 100 is a diagram to show an example of an ICS network addressappropriation record table used in a 16^(th) embodiment;

FIG. 101 is a diagram to show an example of an ICS user addressappropriation record table used in a 16^(th) embodiment;

FIG. 102 is a diagram to show an example of a conversion table used in a16^(th) embodiment;

FIG. 103 is a diagram to show an example of a conversion table used in a16^(th) embodiment;

FIG. 104 is a diagram to show an example of a conversion table used in a16^(th) embodiment;

FIG. 105 is a procedure chart to explain a 16^(th) embodiment;

FIG. 106 is a diagram to show an example of a conversion table used in a16^(th) embodiment;

FIG. 107 is a procedure chart to explain a 16^(th) embodiment;

FIG. 108 is a diagram to show an example of a conversion table used in a16^(th) embodiment;

FIG. 109 is a diagram to explain a domain name server;

FIG. 110 is a diagram to explain a domain name server;

FIG. 111 is a diagram to explain a domain name server;

FIG. 112 is a diagram to explain a domain name server;

FIG. 113 is a diagram to explain a call of a domain name server;

FIG. 114 is a diagram to explain re-writing of a conversion table froman IP terminal;

FIG. 115 is a diagram to explain re-writing of a conversion table froman IP terminal;

FIG. 116 is a constructional block showing a 17^(th) embodiment (callingof a communicator by telephone number) according to the presentinvention;

FIG. 117 is a diagram to show an example of a conversion table;

FIG. 118 is a diagram to show an example of an inner table used in a17^(th) embodiment;

FIG. 119 is a diagram to show an example of an inner table used in a17^(th) embodiment;

FIG. 120 is a diagram to show an example of an inner table used in a17^(th) embodiment;

FIG. 121 is a diagram to explain a call of a domain name server;

FIG. 123 is a portion of a constructional block showing an 18^(th)embodiment (IP terminal to be connected with plural access controlapparatuses) according to the present invention;

FIG. 124 is a portion of a constructional block showing an 18^(th)embodiment according to the present invention;

FIG. 125 is a diagram to show an example of a verifying server;

FIG. 126 is a diagram to show an example of a conversion table;

FIG. 127 is a timing chart to explain register procedure from a home IPterminal;

FIG. 128 is a diagram to explain an accessing method of a verifyingserver;

FIG. 129 is a diagram to show an example of an inner table used in an18^(th) embodiment;

FIG. 130 is a diagram to show an example of an inner table used in an18^(th) embodiment;

FIG. 131 is a diagram to show an example of an inner table used in an18^(th) embodiment;

FIG. 132 is a block diagram to show a call of a verifying server;

FIG. 133 a portion of a constructional block diagram illustrating a19^(th) embodiment (closed-zone network communication and open-zonecommunication used network discriminator) according to the presentinvention;

FIG. 134 is a portion of a constructional block diagram illustrating a19^(th) embodiment according to the present invention;

FIG. 135 is a portion of a constructional block diagram illustrating a19^(th) embodiment according to the present invention;

FIG. 136 is a portion of a constructional block diagram illustrating a19^(th) embodiment according to the present invention;

FIG. 137 is a diagram to show an example of a conversion table used in a19^(th) embodiment;

FIG. 138 is a diagram to show an example of a conversion table used in a19^(th) embodiment;

FIG. 139 is a diagram to show an example of a conversion table used in a19^(th) embodiment;

FIG. 140 is a diagram to show an example of a conversion table used in a19^(th) embodiment;

FIG. 141 is a flowchart to show an example of an operation of a 19^(th)embodiment;

FIG. 142 is a flowchart to show an example of an operation of a 19^(th)embodiment;

FIG. 143 is a portion of a constructional block diagram illustrating a20^(th) embodiment (IP terminal to be connected with plural accesscontrol apparatus having network identifier) according to the presentinvention;

FIG. 144 is a portion of a constructional block diagram illustrating a20^(th) embodiment according to the present invention;

FIG. 145 is a diagram to show an example of a verifying server used in a20^(th) embodiment;

FIG. 146 is a diagram to show an example of a conversion table used in a20^(th) embodiment;

FIG. 147 is a signal flowchart to explain an operation of a 20^(th)embodiment;

FIG. 148 is a diagram to explain a 20^(th) embodiment;

FIG. 149 is a diagram to explain a 20^(th) embodiment;

FIG. 150 is a diagram to explain a 20^(th) embodiment;

FIG. 151 is a diagram to explain a 20^(th) embodiment;

FIG. 152 is a diagram to explain a 20^(th) embodiment; and

FIG. 153 is a diagram to explain a 20^(th) embodiment.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 5 systematically illustrates the basic principle of the presentinvention, wherein the integrated information communication system(hereafter referred to as “ICS”) 1 according to the present inventionhas self-appointed address providing rules as a computerinformation/communication address. i.e., the system has a unique addresssystem ADS, and has access control apparatuses (2 through 7 in thepresent example) which serve as access points for connecting a pluralityof computer communication networks or information communicationequipments, e.g., a great number of LANs (in the present example,corporation X's LAN-X1, LAN-X2 and LAN-X3, and corporation Y's LAN-Y1,LAN-Y2 and LAN-Y3). Here, corporation X's LAN-X1, LAN-X2 and LAN-X3 havethe same address system ADX, and corporation Y's LAN-Y1, LAN-Y2 andLAN-Y3 have the same address system ADY. The access control apparatuses2, 3 and 4 have conversion tables for administrating mutual conversionbetween the address system ADS and the address system ADX. The accesscontrol apparatuses 5, 6 and 7 have conversion tables for administratingmutual conversion between the address system ADS and the address systemADY. The computer communication data (ICS packet) within the ICS 1 usesaddresses according to the address system ADS of the ICS 1, and performsIP communication such as is used on the Internet.

Now, description will be made regarding the operation in the case ofcommunication within a single corporation. The computer communicationdata (ICS packet) 80 transmitted from the LAN-X1 of the corporation X isprovided with addressing following the address system ADX, but issubjected to address conversion following the address system ADS underadministration of the conversion table of the access control apparatuswithin the ICS 1, and becomes ICS packet 81. This is then sent withinthe ICS 1 following the rules of the address system ADS, and uponreaching the destination access control apparatus 4, is restored to thecomputer communication data 80 of the address system ADX under theadministration of the conversion table thereof, and is sent to theLAN-X3 within the same corporation X. Here, the ICS frame being sent andreceived within the ICS 1 is referred to as an ICS network packet, andthe ICS packet being sent and received outside of the ICS 1 is referredto as an ICS user packet. The ICS user packet is such as stipulated bythe Internet protocol RFC791 or RFC1883 as a rule, but dealing with ICSpackets which do not follow this rule will be described later inconjunction with description of another embodiment.

The ICS network packet 81 is comprised of a network control field 81-1and a network data field 81-2, with the network control field 81-1storing the addresses (address system ADS) of the access controlapparatuses 2 and 4 therein. The ICS user packet is either used as thenetwork data field 81-2 with no change to the data value thereof, or issubjected to data format conversion following stipulations determinedwithin the ICS 1 and is used as network data field 81-2. An example ofthe data format conversion stipulations might be conversion tociphertext or data compression, and the access control apparatus 2 maybe provided with ciphering means, deciphering means for returning theciphertext to the original plain-text, data compression means, and datadecompression means for returning the compressed data to the originaldata. In the access control apparatus 2, the ICS user packet 80 is usedas the ICS network packet 81-2, and each of the operations of adding thenetwork control field 81-1 to the ICS network packet 81-2 are referredto as “ICS encapsulation”. Also, in the access control apparatus 4, theoperations of removing the network control field 81-1 from the ICSnetwork packet 81 are referred to as “ICS reverse encapsulation”.

Now, description will be made regarding the operation in the case ofcommunication between corporations. The computer communication data (ICSuser packet) 82 transmitted from the LAN-Y2 of the corporation Y isprovided with addressing following the address system ADY, but issubjected to address conversion following the address system ADS underadministration of the conversion table of the access control apparatus 6within the ICS 1, and becomes ICS packet 83. This is then sent withinthe ICS 1 following the rules of the address system ADS, and uponreaching the destination access control apparatus 3, is converted to thecomputer communication data 82 of the address system ADX under theadministration of the conversion table thereof, and is sent to theLAN-X2 within the corporation X. While address lengths of 32 bits and128 bits are used in the present invention, the present invention is byno means restricted to these. Even if the length of the addresses arechanged to such other than 32-bit or 128-bit, this does not change theprinciple of address conversion which is the principle idea of thepresent invention.

Thus, according to the present invention, both intra-corporation andinter-corporation computer communications are enabled by unified addressadministration by the ICS 1. Generally used user terminals for computercommunications are incorporated within the LAN within the structure ofthe user, and incorporated within the VAN (Value Added Network) viaaccess line, and user data packets are sent which have differing dataformats and differing address system for each type of service. Forexample, an IP address is used for Internet services, a telephonenumber/ISDN number (E.164 address) for telephone services, and an X.121address is used for X.25 packet services. Conversely, according to theICS 1 of the present invention, address conversion is performed with theconversion table of the access control apparatus based on the input ICSuser packet, thus realizing sending of information frames of data ofvaried structures unified under a single data format and address system,i.e., converted to ICS packets.

FIG. 6 schematically illustrates an example wherein the ICS 1 of thepresent invention is comprised of a plurality of VANs (VAN-1, VAN-2,VAN-3), with each VAN being administered by a VAN operator. An ICS 1user applies to the VAN operator for a user communication line, and theVAN operator decides the ICS address and ICS network address for theuser and registers this information with the circuit type in aconversion table 12 within the access control apparatus 10 such as shownin FIG. 7. The ICS 1 has, as access points serving as externalconnection elements with the LANs (or terminals) of the corporations Xand Y, the access control apparatuses 10-1, 10-2, 10-3, 10-4 and 10-5,as shown in FIG. 7., and further has relay apparatuses 20-1, 20-2, 20-3and 20-4, and also ICS network servers 40-1, 40-2, 40-3, 40-4 and 40-5,as well as ICS address administration servers 50-1 and 50-2. A relayapparatus 20 such as shown in FIG. 8 is provided to the communicationpath within each of the VANs, and an inter-VAN gateway 30 such asillustrated in FIG. 9 is provided as the connection element of VAN-2 andVAN-3. The LANs 1-1, 1-2, 1-3 and 1-4 are respectively connected to theaccess control apparatuses 10-1, 10-5, 10-4 and 10-2, via the usercommunication lines 36-1, 36-2, 36-3 and 36-4.

The access control apparatus 10 (10-1, 10-2, 10-3, 10-4 and 10-5) aredevices containing the user communication lines from the user(corporations X and Y) to the ICS 1, and as shown in FIG. 7, arecomprised of a processing device 11 comprised of a CPU or the like, aconversion table 12 serving as a database for performing addressconversion and the like, an input/output interface line portion 13, anda temporary conversion table 14. Also, the relay apparatus 20 hasnetwork packet transferring functions and path specification routingfunctions, and as shown in FIG. 8 has a processing device 21 comprisedof a CPU or the like and a conversion table 22, the conversion table 22being used for determining the communication destination when the ICSnetwork frame is transferred within the ICS 1. The inter-VAN gateway 30has a processing device 31 comprised of a CPU or the like and a relaytable 32 for determining where to send ICS network packets between VANs,as shown in FIG. 5.

As shown in FIG. 10, the ICS server 40 is comprised of a processingdevice 41 and an ICS network database 42, the usage of the ICS networkdatabase 42 not being restricted. Examples of this usage include:user-specific data corresponding with the ICS address (such as the nameor address of the user), data not corresponding with the ICS address,such as data indicating the state of communication trouble within theVAN, or data not directly related to the VAN, such as an electroniclibrary which maintains and discloses digital documents, public keys fora public encryption system using encryption technology employed inverifying the authenticity of the sender and receiver, and maintainingdata such as public proof data and related data or secret keys for asecret encryption system and related data. The processing device 41refers to the ICS network database 42, and obtains corresponding dataand sends the data to the access control apparatus 10. Further, not onlydoes the ICS network database 42 operate in stand-alone manner, but alsois capable of communicating with other ICS network servers and obtainingdata therefrom, by means of sending and receiving ICS network framesbased on IP communication technology. Within the ICS, the ICS networkserver is the only component provided with an ICS network address.

According to the present invention, the address used to identifycomputers, terminals and the like used within the ICS network packet isreferred to as an ICS network address, and the address used to identifythe computers, terminals and the like used within the ICS user packet isreferred to as an ICS user address. The ICS network address is used onlywithin the ICS, one or both of the two types being used; 32-bit and/or128-bit. Similarly, the ICS user address also uses one or both of thetwo types; 32-bit and/or 128-bit. The access control apparatus 10, therelay apparatus 20, the VAN gateway 30 and the ICS network server arearranged so as to be provided each with an ICS network address so as tobe uniquely identified. Also, the ICS user address is formed of a VANupper code and VAN internal code. With the length of the VAN upper codebeing represented as C1 bits and the length of the VAN internal codebeing represented as C2 bits, the ICS user address is used such that thetotal of C1+C2 equals either 32 bits or 128 bits.

In the present invention, no particular method for deciding the VANupper code and VAN internal code is stipulated, but in the case ofC1+C2=32 bits, the following example can be given for a method fordeciding such:

V A N  upper  address = district  administration  code(4-bit)country  code(4-bit)V A N  code(8-bit)V A N  internal  code = V A N  district  code(4-bit)V A N  access  point  code(8-bit)user  logic  code(4-bit)

FIG. 11 makes description thereof using an example of an ICS useraddress. Here, the symbol “a∥b” indicates linkage of data “a” and “b”,i.e., data obtained by means of arrayed data “a” and “b” in this order.The ICS network address can be provided with locality in the same manneras with the user network address. That is,

I C S  network  address = district  administration  codecountry  codeV A N  codeV A N  district  codeuser  logic  communications  line  code

Thus, the relay apparatus can efficiently find the transfer destinationby means of deciding the transferring destination with consideration tothe district. The address can be determined in the same way in the caseof C1+C2=128 bits, as well. Incidentally, with the present invention,the ICS frame can be constructed as described later, as long as C1+C2=32bits or C1+C2=128 bits is kept, regardless of how the field sections forthe VAN upper code and VAN internal code are made, or the length of eachof the sections.

Also, when deciding the VAN upper code and VAN internal code, part ofthese codes may be made to be unique to the user. That is, the user canmake a user-specific address system. The address values within a 32 bitaddress value are from address 0 to address (232-1), the presentinvention is carried out by providing an address decided uniquely to theuser within the range of address 10×224 to address (10×224+224-1), i.e.,address (172×224+16×216) to address(172×224+32×216-1) oraddress(192×224+168×216) to address (192×224+169×216-1).

A physical communication line can be separated into a plurality ofcommunication lines and used, this being realized in conventional art asframe relay (FR) multiplex communication method, for example. Accordingto the present invention, the user's communication line is separatedinto a user physical communication line and one or more user logiccommunication lines. FIG. 12 illustrates an example of the above,wherein a user physical communication line 60 is separated into two userlogic communication lines 61-1 and 61-2 of the communication rate 50Mbps. Also, separate computer communication apparatuses 62-1, 62-2,62-3, and 62-4 are each connected to respective user logic communicationlines, and the ICS user addresses “4123,0025,0026,4124” are provided toeach of the computer communication apparatuses 62-1 through 62-4. Theuser physical communication line 60 is connected to the access controlapparatus 63, and the point of contact between the two is called “ICSlogic terminal”. The ICS logic terminal is provided with an only ICSnetwork address within the ICS. In the example shown in FIG. 12 userlogic communication lines 61-1 and 61-2 are connected to the accesscontrol apparatus 63, and ICS network addresses “8710” and “8711” areprovided to the contact point ICS logic terminals 64-1 and 64-2,respectively.

As described above, the ICS network server 40 is also provided with anonly ICS network address, so that the ICS network address can determinethat the ICS logic terminal or the ICS network server is the only onewithin the ICS. The ICS network server is capable of exchanginginformation with other ICS servers by means of sending and receiving ICSnetwork packets provided with each other's ICS network addresses, usingthe IP communication technology. This function is referred to as “ICSnetwork server communication function”. The access control apparatus isalso provided with an only ICS network address within the ICS, and iscapable of exchanging information with other ICS servers by means of theICS network server communication function. The ICS network servercommunication function is realized by using conventional TCP or UDP(UserDatagram Protocol) technology.

There are two types of ICS packets in the present invention, asdescribed earlier, the ICS network packet which is sent and receivedwithin the ICS, and the ICS user packet which is sent and receivedoutside of the ICS. Each packet is comprised of a control field and adata field, and, as shown in FIG. 13, the packets are comprised of anetwork control field, a user control field, a network data field and auser data field, so as to allow usage by ICS encapsulation and ICSreverse encapsulation. That is, when the ICS user packet enters the ICSfrom the access control apparatus, the ICS user packet becomes part ofthe data of the ICS network packet, and the control field of the ICSnetwork packet (network control field) is added thereto (ICSencapsulation). The network control field is divided into a basic fieldand an external field. The basic field is used as a header of RFC791 orRFC 1833 stipulation and the external field is used for ciphering or thelike.

Inside the network control field of the ICS packet is placed a range forstoring the sender's address and the intended receiver's address. Thereare two types of ICS packets, those with a 32-bit address length andthose with a 128-bit address length, with a packet format being employedaccording to the RFC791 stipulation shown in FIG. 3, for example. In theevent that 32 bits is insufficient for the ICS network address, forexample, in the event that a 64-bit address is to be used, following theRFC791 stipulation, the lacking 32 bits (64 bits-32 bits) are writteninto the option portion of the ICS network packet control field, thusmaking the network address usable at 64 bits. Now, supplementaldescription will be made regarding the aforementioned user-specificaddress. In the event that a great number of users have a privateaddress (a type of ICS address) in the section between (10×224) and(10×224+224-1) for example, in the case that the length of the ICS useraddress is 32 bits, the 32 bits is insufficient for the ICS networkaddress, since the ICS network address is provided corresponding to theICS user address, and 64 bits is required, for example. In this case, asdescribed above, the lacking 32 bits are written into the option portionof the ICS network packet control field, thus making the network addressusable at 64 bits.

The fact that communication between the same user (called“intra-corporation communication”) is possible using a private addresswill be described in the first embodiment. Also, in the event that theaddress length is 128 bits, the present embodiment is carried outfollowing packet format according to the RFC 1883 stipulation such asshown in FIG. 4, for example. The transmitting address range within thenetwork control field, and the address stored in the destination addressare made to be ICS network addresses, each respectively being thetransmitting ICS network address and the receiving ICS network address.Further, the transmitting address range within the user control field,and the address stored in the destination address are made to be ICSuser addresses, each respectively being the sender ICS user address andthe receiver ICS user address.

Incidentally, there is no need to following the RFC791 or RFC1883stipulation for the ICS packet format in carrying out the presentinvention; the present invention can be carried out as long as thepacket format is such that uses addresses of 32 bits or 128 bits inlength. Generally, ICSs receives ICS user packets stipulated by RFC791or RFC1883, but other packet formats can be handles within the ICSnetwork by converting to ICS user packets with conversion means.

Embodiment-1 Basic ICS, Intra-Corporation Communication andIntra-Corporation Communication

A first embodiment of the present invention will be described withreference to FIGS. 14 and 15, regarding basic communication wherein thetransfer destination within the ICS is determined from the receiver'sICS user address, based on administration by a conversion table. In thefigures, 170-1, 170-2, 170-3 and 170-4 respectively denote gatewaysprovided within the LANs 100-1, 100-2, 100-3 and 100-4, and the ICSpackets can pass through these gateways 170-1 through 170-4.

First, description will be made regarding communication between aterminal which is connected to LAN 100-1 of a corporation X which has aunique address system ADX, and a terminal which is connected to LAN100-2 of the same corporation X. That is, this is communication betweena terminal which has an ICS user address “0012” on the LAN 100-1, and aterminal which has an ICS user address “0034” on the LAN 100-2. Thiscommunication is typical of communication made between terminals whichhave set addresses based on a unique address system within a singlecorporation (ADX in this example), the communication being made via theICS 100 in an interactive manner. This type of communication is referredto as intra-corporation communication service (or intra-corporationcommunication). Next, description will be made regarding communicationbetween a terminal which is connected to LAN 100-1 of a corporation Xwhich has a unique address system ADX, and a terminal which is connectedto LAN 100-3 of a corporation Y which has a unique address system ADY.That is, this is communication between a terminal which has an ICS useraddress “0012” on the LAN 100-1, and a terminal which has an ICS useraddress “1156” on the LAN 100-3. This communication is typical ofcommunication made between terminals which have different addresssystems within different corporations, the communication being madeusing an ICS address system which can be shared between the two. Thistype of communication is referred to as inter-corporation communicationservice (or inter-corporation communication).

<<Common Preparation>>

In describing the present embodiment, the address format and so forth isdetermined as described below, but the specific numeric values andformats are all but an example, and the present invention is by no meanslimited to these. The ICS network address is represented by a 4-digitnumber, and the sender ICS user address and the receiver ICS useraddress are both represented by a 4-digit number. Of the sender ICS useraddress and the receiver ICS user address, addresses of which the uppertwo digits are not “00” are used as inter-corporation communicationaddresses, and these inter-corporation communication addresses are anonly value within the ICS 100. Of the sender ICS user address and thereceiver ICS user address, addresses of which the upper two digits are“00” are used as intra-corporation communication addresses, and theseintra-corporation communication addresses may be duplicate of otherintra-corporation communication addresses within the ICS 100. The ICSaddress administration server 150-1 is capable of uniquely identifyingthe inter-corporation communication addresses. Also, the conversiontable 113-1 provided to the access control apparatus 110-1 contains thefollowing: originating ICS network addresses, receiving ICS networkaddresses, sender ICS network addresses, receiver ICS network addresses,request identification, speed segments and so forth. The requestidentification registered to the conversion table 113-1 is such that,e.g., “1” represents intra-corporation communication service, “2”represents inter-corporation communication service, and “3” representsvirtual dedicated line connection. The speed segment is the line speedthat the communication from the ICS network address requires, includingthroughput (e.g., the number of ICS packets sent within a certain amountof time).

<<Preparation for Intra-Corporation Communication>>

The users of LAN 100-1 and LAN 100-2 specify the terminal and apply to aVAN operator in order that the intra-corporation communication of theterminals connected to the LANs can perform communication via the VAN-1and VAN-3. The VAN operator responds to the application and sets theaforementioned ICS network address, ICS user address, requestidentification number, etc. to the conversion tables of the accesscontrol apparatuses 110-1 and 110-5 connected to the LAN 100-1 and LAN100-2.

The items to be set for the VAN-1 are as follows. The ICS networkaddress is decided by the ICS logic terminal of the access controlapparatus 110-1 to which the LAN 100-1 is connected, with the ICSnetwork address of the ICS logic terminal in this case being set as“7711”. The intra-corporation communication address of the terminalconnected to the LAN 100-1 from which the application was made is set as“0012”, and this is used as the sender ICS user address. Theintra-corporation communication address used by the terminal of theaddress is set as “2212”, and this is used as the sender ICS useraddress. Next, the intra-corporation communication address of theterminal connected to the LAN 100-2 from which the application was madeis decided by the ICS logic terminal of the access control apparatus110-5 to which the LAN 100-2 is connected, in this case the ICS networkaddress being set as “9922”, and this is used as the receiving ICSnetwork address. Further, the ICS user address used by the terminalconnected to the LAN 100-2 is set as “0034”, and this is used as thereceiver ICS user address. The number “1” is set as the requestidentification, indicating the intra-corporation communication servicethat was applied for, and the above is registered to the conversiontable 113-1.

The items to be set for the VAN-3 are as follows. Values necessary forreverse communication (communication from LAN 100-2 to LAN-1) are set tothe conversion table of the access control apparatus 110-5 connectingthe LAN 100-2 from which application was made. That is, data is setreverse to the transmitting ICS network address and the receiving ICSnetwork address, and at the same time, data is set reverse to the senderICS user address and the receiver ICS user address. The ICS networkaddress of the LAN 100-2 is set as “9922”, and this is used as thetransmitting ICS network address. Numeral “0034” is set as the senderICS user address for the intra-corporation ICS user address of theterminal connected to the LAN 100-2, and the ICS user address “0012” ofthe terminal of the other party is used as the receiver ICS useraddress. Also, the ICS user address “7711” of the LAN 100-1 is used asthe receiving ICS network address and the value “1” is set as therequest identification, indicating intra-corporation communicationservices. The above is written to the conversion table of the accesscontrol apparatus 110-5 and registered.

<<Operation of Intra-Corporation Communication>>

Regarding communication between a terminal connected to LAN 100-1 andhaving a sender ICS user address “0012”, and a terminal connected to LAN100-2 and having a receiver ICS user address “0034”, the sender “0012”sends an ICS user packet to the receiver “0034”. This ICS user packethas set as the sender ICS user address “0012”, and as the receiver ICSuser address has set “0034”, and the terminal with the ICS user address“0012” performs sending thereof.

The operation will be explained with reference to a flowchart in FIG.18. The conversion table 113-1 is shown in FIG. 16 and the temporaryconversion table 114-2 is shown in FIG. 17.

The ICS user packet P1 is sent via the user logic communication line180-1, and transferred to the access control apparatus 110-1 as the ICSuser packet P1. The access control apparatus 110-1 refers to theconversion table 113-1 from the transmitting ICS network address “7711”(Steps S100 and S101) and the receiver ICS user address “0034” of thereceived ICS user packet, and knows that the communication is anintra-corporation communication from the request identification value“1” obtained at the same time (Step S102). Then, the receiving ICSnetwork address “9922” corresponding to the sender ICS user address“0034” is obtained (Step S103) and is ICS-encapsulated (Step S106). Theabove procedures illustrated in a flowchart are as shown in FIG. 18,with the intra-corporation being flow (1) therein. The sender ICS useraddress may be used to specify a source of the ICS packet.

The access control apparatus 110-1 performs the ICS encapsu-lation,forming the ICS network packet P2 which is sent to the relay apparatus120-1. Since the ICS network address of the network field is ensured ofits uniqueness within the ICS, there is no conflict with other ICSpackets. The ICS network packet P2 passes through the relay apparatus120-1 and 120-2 based on the receiving ICS network address, and reachesthe access control apparatus 110-5 of the VAN-3. The access controlapparatus 110-5 removes the network control field from the ICS networkpacket P4 and performs ICS reverse encapsulation, and re-creates a userdata packet P5 which is the same as the ICS user packet P1 from thenetwork data field of the ICS packet, and sends it to the LAN 100-2. TheICS user packet is routed through the LAN 100-2, and is transferred tothe terminal which has the ICS user address “0034”.

<<Preparation for Inter-Corporation Communication>>

As an example of performing inter-corporation communication, thecommunication between a terminal which has an ICS user address “0012”and is connected to a LAN 100-1 following address system ADX, and aterminal which has an ICS user address “1156” and is connected to a LAN100-3 following address system ADY, will be described. The users of theLAN 100-1 and LAN 100-3 specify the terminal to the VAN each isconnected to so as to be able to perform the communication via VAN-1 andVAN-2, and make application to the VAN operator. The VAN operator setsthe necessary items in the conversion table of the access controlapparatus which is connected to the LAN 100-1 and LAN 100-3, inaccordance with the application.

The items to be set regarding VAN-1 are as follows. The ICS networkaddress of the LAN 100-1 is made to be “7711”, the intra-corporationcommunication address held by the terminal connected to the LAN 100-1from which there was application is made to be “0012”, and this is madeto be the sender ICS user address. The inter-corporation communicationaddress provided to the terminal of the above ICS user address made tobe “2212”, and this is made to be the sender user address(inter-corporation). The ICS network address is determined by the ICSlogic terminal of the access control apparatus 110-4 connected to theICS network address of the LAN 100-3 from which there was application,the ICS network address here being “8822”, and this is made to be thereceiving ICS network address. Also, the ICS user address of a terminalconnected to the LAN 100-3 is made to be “1156”, and this is made to bethe receiver ICS user address. Further, a value “2” is set as therequest identification, indicating the inter-corporation communicationservice that was applied for, and the above is registered to theconversion table 113-1.

The items to be set regarding VAN-2 are as follows. As a conversiontable for the access control apparatus 110-4 to which the LAN 100-3 isconnected, a temporary conversion table 114-2 which holds reverse datafor a certain time, e.g., 24 hours, is set. That is, regarding the ICSnetwork address “8822” to which is connected the LAN 100-3 which usesthe inter-corporation communication service, the following are providedwithin the access control apparatus 110-4: a transmitting ICS networkaddress, a sender ICS user address, a receiver ICS user address, areceiving ICS network address and temporary conversion table 114-2 whichincludes a request identification and so forth.

<<Operation of Inter-Corporation Communication>>

A terminal having an ICS user address “0012” sends an ICS user packet F1wherein the sender ICS user address is set as “0012” and the receiverICS user address is set as “1156” as. The ICS user packet F1 istransferred to the access control apparatus 110-1 via the user logiccommunications line 180-1.

The access control apparatus 110-1 refers to the conversion table 113-1from the originating ICS network address “7711” of the LAN 100-1 (StepsS100 and S101) and the receiver ICS user address “1156”, and knows thatthe request identification value is “2”, i.e., this communication is aninter-corporation communication (Step S102). The receiving ICS networkaddress corresponding to the receiver ICS user address “1156” is knownas “8822” (Step S104), and then the sender ICS user address “0012” isconverted into an inter-corporation communication address “2212” (StepS105). The access control apparatus 110-1 adds a network control field,from the obtained transmitting ICS network address “7711”, the senderICS user address “2212”, the receiver ICS user address “1156” and thereceiving ICS network address “8822”, and performs the ICSencapsulation, forming the ICS network packet F2 which is sent to therelay apparatus 120-1 (Step S106). The above procedures are illustratedin a flow (2) in FIG. 18.

In the above inter-corporation communication, in the event that thesender ICS user address within the ICS user packet F1 is made to be theinter-corporation communication address “2212”, the sender and thereceiver perform the inter-corporation communication using aninter-corporation communication address (Steps S102 and S104). In thiscase, the access control apparatus 110-1 does not perform the process ofconverting the sender ICS user address “2212” into the inter-corporationcommunication address “2212”, as such is not necessary. The aboveprocedures are illustrated in a flow (3) in FIG. 18. The sender ICS useraddress may be used to specify a source of the ICS packet.

The relay apparatus 120-1 transfers the ICS network packet to the accesscontrol apparatus 110-4 within the VAN-2 via the relay apparatus 120-2within the VAN-1, the inter-VAN gateway 130 and the relay apparatus120-3 within the VAN-2, based on the receiving ICS network address. Theoperation will be explained with reference to FIG. 19. The accesscontrol apparatus 110-4 receives the ICS network packet (Step S110),creates an ICS user packet F5 from the network data field (Step S11: ICSreverse encapsulation), and decides from the receiving ICS networkaddress the logic terminal for sending((1) of Step S112) and sends it tothe LAN 100-3 (Step S113). At the same time, in the event that therelation among the transmitting ICS network address “8822”, the senderICS user address “1156”, the receiver ICS user address “2212” and thereceiving ICS network address “7711” is not registered in the conversiontable within the access control apparatus 110-4, a value “2” of therequest identification, i.e., a designation of the inter-corporationcommunication is set to the temporary conversion table 114-2((2) of StepS112). The registration contents of the temporary conversion table 114-2are updated according to processes such as the contents being deleted ifthere is no usage thereof for 24 hours. The ICS user packet is routedthrough the LAN 100-3, and is transferred to the terminal having the ICSuser address “1156”. In a case that the column of the sender ICS useraddress in the conversion table 114-2 is separated as“intra-corporation” and “inter-corporation” of the conversion table113-1, e.g., in the case that “1159” is described in the conversiontable as the sender ICS user address “1159” which is described at theaddress column of user control field of ICS user packet just after theICS reverse encapsulation is processed. Then, the process in which theaddress of the user control field is rewritten to “0023” is added to theprocess of the Step S112(1). As described above, although the ICS useraddress “0023” for the intra-corporation communication is used withinLAN, the ICS “1159” for the corporations outside LAN. In anotherembodiments, the values are not set in the temporary conversion table.Further, in another embodiments, the conversion table 113-1 does notinclude the sender ICS address (intra-corporation) and the sender ICSuser address (inter-corporation) and does not include the flow (2) inFIG. 18, i.e., Step S105. At the Step S104, the sender ICS user addressis not referred. An effect of this embodiment is that register number ofthe conversion table is to be reduced to one of the sender ICS useraddress when there are many the sender ICS user addresses.

Embodiment-2 Virtual Dedicated Line

Now, description of the operation of virtual dedicated line connectionaccording to the present invention will be made with reference to FIG.20. Here, the virtual dedicated line connection refers to communicationwherein ICS user packets are transferred in a fixed manner to areceiving ICS network address already registered in the conversiontable, regardless of the ICS user address within the user control fieldof the ICS user packet, in which the format taken is one-on-one orone-on-N. While the components of FIG. 20 are the same as those ofEmbodiment-1 shown in FIGS. 14 and 15, what is different is the contentsof registration in the conversion table. In the conversion table of theaccess control apparatus, the receiving ICS network address isdetermined from the transmitting ICS network address in a fixed manner,so that either the sender ICS user address (intra-corporation), thesender ICS user address (inter-corporation) and the receiver ICS useraddress are either not registered, or ignored if registered.

Description will now be given regarding a case in which a corporation Xuses virtual dedicated line connection, and the communication isconducted between LAN 200-1 of the corporation X which is connected tothe access control apparatus 210-1, and LAN 200-2 of the corporation Xwhich is connected to the access control apparatus 210-5. The conversiontable 213-1 is shown in FIG. 21.

<<Preparation>>

The user applies to a VAN operator for virtual dedicated lineconnection. The VAN operator determines the ICS network address “7711”of the ICS logic terminal at the connection point between the accesscontrol apparatus 210-1 for connecting the LAN 200-1 of the corporationX and the user logic communications line 240-1, and similarly determinesthe ICS network address “9922” of the ICS logic terminal at theconnection point between the access control apparatus 210-5 forconnecting the LAN 200-2 of the corporation X and the user logiccommunications line 240-2. Next, the VAN operator performs setting tothe conversion table 213-1 of the access control apparatus 210-1 of thefollowing: the transmitting ICS network address “7711”, the receivingICS network address “9922” and the request type. Illustrated in FIG. 20is an example wherein the request type “3” has been made to serve as thevirtual dedicated line connection. Similarly, the VAN operator performssetting to the conversion table of the access control apparatus 210-5 ofthe following: the transmitting ICS network address “9922”, thereceiving ICS network address “7711” and the request type.

<<Procedures>>

The operation will be explained with reference to FIG. 22. The LAN 200-1of the corporation X sends a user packet F10 to the ICS 200 via the userlogic communication line 240. The access control apparatus 210-1 whichhas received the ICS user packet F10 from the logic terminal of the ICSnetwork address “7711” makes reference to the request type of thetransmitting ICS network address “7711” (Steps S200 and S201) andidentifies this as a virtual dedicated line connection by referring therequest identification “3” (Step S202), and reads the receiving ICSnetwork address “9922” (Step S203). Next, the access control apparatus210-1 adds a network control field to the ICS user packet F10 in whichthe receiving ICS network address is set to “9922” and the transmittingICS network address is set to “7711”, thus forming an ICS network packetF11 (Step S204: ICS encapsulation), and sends this to the relayapparatus 220-1 (Step S205). The relay apparatus 200-1 which receivesthe ICS network packet F11 determines the destination based on thereceiving ICS network address of the ICS network packet F11, and sendsan ICS network packet F12 to the relay apparatus 220-2. The ICS networkpacket F12 is transferred to the access control apparatus 210-5 via therelay apparatus 220-4 within the VAN-3.

The access control apparatus 210-5 removes the network control fieldfrom the ICS network packet F13 (ICS reverse encapsulation), and sendsthe ICS network packet F14 from the logic terminal of the ICS networkaddress “9922” to the user logic communications line 240-2. Then, theLAN 200-2 of the corporation X receives the ICS user packet F14.Transmission can be made in the same say as described from the LAN 200-2to the LAN 200-1, and thus, interactive communication is available.Using the same method, ICS user packets can be transferred from the LAN200-1 of the corporation X to a LAN 200-3 of another corporation Y.

Also, while the above description has been made with reference to a caseof one-on-one communication, one-on-N communication can also beperformed. For example, a plurality of ICS network addresses may be setto the conversion table 213-1 of the access control apparatus 210-1shown in FIG. 20, as indicated by the transmitting ICS network address“7712”. In the present example, two ICS network addresses are set,“6611” and “8822”. The access control apparatus 210-1, upon receivingthe ICS user packet from the ICS logic terminal with an ICS networkaddress “7712”, creates a first ICS network packet wherein a networkcontrol field set with “6611” for the receiving ICS network address isadded thereto, and a second ICS network packet wherein a network controlfield set with “8822” for the receiving ICS network address is addedthereto, these being sent to the relay apparatus 220-1. Consequently,one-on-two communication can be performed. Subsequently, one-on-Ncommunication can be performed by transferring each ICS network packetin the same manner as described above.

Embodiment-3 Embodiment Using an ATM Network

An embodiment will be described wherein the network inside the ICSaccording to the present invention is configured using an ATM network.The present embodiment will be described in the following order: (1)supplementary explanation of ATM-related conventional art, (2)description of components, (3) flow of packets using SVC, (4) flow ofpackets using PVC, (5) one-on-N or N-on-one communication using PVC, and(6) N-on-N communication using PVC. Incidentally, since the presentembodiment mainly discloses art regarding address conversion between ICSnetwork packets and ATM networks, so any of the following can be appliedto the present embodiment: intra-corporation communication service andinter-corporation communication service described in Embodiment-1 andvirtual dedicated line service described in Embodiment-2.

(1) Supplementary Explanation of ATM-Related Conventional Art:

First, supplementary explanation will be made regarding ATM-relatedconventional art to the extent that is necessary to describe the presentembodiment. With an ATM network, a plurality of non-fixed logic channelswhich can flexibly deal with communication speed and so forth can be seton a physical line, these logic channels being referred to as VCs(Virtual Channel). There are two types of virtual channels stipulatedaccording to the way of setting, SVC (Switched Virtual Channel) and PVC(Permanent Virtual Channel). The SVC performs call setting of a virtualchannel whenever necessary, and can establish a logic line having thenecessary speed for a necessary duration with an arbitrary ATM terminal(a general term for communication devices which are connected to the ATMnetwork and perform communications using the ATM network). Call settingof the virtual channel is performed by the ATM terminal which isattempting to initiate communication, and the “signaling method” isstandardized in ITU-T regarding this method. An address for identifyingthe destination ATM terminal to which call setting is to be performed(this address hereafter referred to as “ATM address”) is necessary forcall setting, and the ATM addresses are systematized so that each ATMterminal has a unique ATM address within the ATM network, in order toenable identification of the ATM terminals. There are the followingaddress systems: E.164 format stipulated in the ITU-T RecommendationsQ.2931, and the three types of NSAP method ATM addresses such as shownin FIG. 23 following the ATM Forum UNI 3.1 Specifications. Now,regarding ICS, which of the above ATM address systems is used is decidedby the specific construction of the ATM network, so description of thepresent embodiment will proceed using the term “ATM address”.

The PVC performs call setting in a semi-permanent manner, and can beconsidered to be a virtual line as viewed from the ATM terminal. IDs foridentifying virtual channels (hereafter referred to as “virtual channelID”) are appropriated to established virtual channels for both the VCand PVC. A virtual channel ID is comprised of the VPI (Virtual PathIdentifier) and the VCI (Virtual Channel Identifier) of the cell headerportion of the ATM cell format (63 bytes) shown in FIG. 24.

Information communication within the ATM network is performed ininformation units of the ATM cell format shown in FIG. 24, so there isthe necessity to convert the ICS network packets into the ATM cells inorder to send over an ATM network. This conversion is performed in twosteps: conversion to CPCS (Common Part Convergence Sublayer) shown inFIG. 25, and degradation of the CPCS frames to the ATM frames as shownin FIG. 26. Dividing a communication packet into ATM cells results in aplurality of the ATM cells in most circumstances, so the series of ATMcells related to the since communication packet is referred to as an ATMcell sequence. Reception of an ATM cell sequence results in reverseconversion, which is performed in two steps: assembling a CPCS framefrom the ATM cell sequence shown in FIG. 26, and extracting andreproducing the communication packet (ICS network packet) from the CPCSframe shown in FIG. 25. Conversion to the CPCS frame anddegradation/assembly of the ATM cells constitute known art, which hasbeen standardized following the ITU-T Recommendations. Also, protocolheaders within the CPCS frame user information have been standardized inRFC1483 of IETF.

(2) Description of Components:

FIGS. 27 and 28 focus on the ATM network 1042, in which the internalconstruction of the conversion unit 1033-1 within the ATM exchange10133-1 and of the conversion unit 1033-2 within the ATM exchange10133-2 is described, and also the access control apparatus 1010-2 and1010-1 are described in a simplified manner. Contents of an ATM addressconversion table 1533-5 and a VC address conversion table 1433-5 areshown in FIG. 29, and contents of an ATM address conversion table 1533-6and a VC address conversion table 1433-6 are shown in FIG. 30. In thepresent embodiment, the internal configuration of the access controlapparatus and the operation of the processing device within the accesscontrol apparatus are basically the same in principle as the descriptiongiven in Embodiment-1.

Appropriated to the access control apparatus 1010-5 shown in FIG. 27 areICS network addresses “7711” and “7722”, serving as connection points(ICS logic terminals) for corporations X and A which are the users ofthe ICS 905. Also appropriated to the access control apparatus 1010-7are ICS network addresses “7733” and “7744”, serving as connectionpoints for corporations W and C, similarly. In FIG. 28, appropriated tothe access control apparatus 1010-6 are ICS network addresses “9922” and“9933”, serving as connection points for corpora-tions Y and B, andsimilarly appropriated to the access control apparatus 1010-8 are ICSnetwork addresses “9944” and “9955”, serving as connection points forcorporations Z and D. Here, in the ATM network embodiment, thecorporations X, Y and so forth, which are given as examples of users,may be differing locations within a single corporation which performsintra-corporation communication, or may be different corporations whichperform inter-corporation communication.

An interface unit 1133-5 is provided in the conversion unit 1033-5within the ATM exchange 10133-5, this interface unit 1133-5 handling theprocessing of rectifying interfacing (physical layers, data link layerprotocol) of the communication lines connecting the access controlapparatus 1010-5 and the ATM exchange 10133-5. The conversion unit1033-5 is comprised of a processing device 1233-5, and also an ATMaddress conversion table 1533-5 for call setting with the SVC, and a VCaddress conversion table 1433-5 for converting addresses from ICSnetwork addresses used by both SVC and PVC to virtual channel. Also, theATM exchange 10133-5 connects the ATM address administration server1633-5 serving as an information processing device for storing the ATMaddress conversion table with, in the case of using PVC, the PVC addressadministration server 1733-5 serving as an information processing devicefor storing the VC address conversion table, thereby performing theinformation processing relating to address conversion. The componentsmaking up the ATM exchange 10133-6 are the same as the description givenregarding the ATM exchange 10133-5. In FIGS. 27 and 28, the accesscontrol apparatus 1010-5 and the access control apparatus 1010-7 areconnected to the ATM exchange 10133-5 via the communication line 1810-5and communication line 1810-7, respectively, and also, the accesscontrol apparatus 1010-6 and the access control apparatus 1010-8 areconnected to the ATM exchange 10133-6 via the communication line 1810-6and communication line 1810-8, respectively. An ATM address “3977”unique to the network is set to the conversion unit 1033-5 within theATM exchange 10133-5, and an ATM address “3999” unique to the network isset to the conversion unit 1033-6 within the ATM exchange 10133-6. TheATM exchange 10133-5 and the ATM exchange 10133-6 are connected via theATM exchange 10133-7 in the present embodiment.

(3) Flow of Packets Using SVC:

An embodiment wherein SVC is applied as a communication path within theATM network will be described with an example of an ICS user packet sentfrom a terminal of a corporation X toward a terminal of a corporation Y,with reference to FIGS. 27 and 28.

<<Preparation>>

A receiving ICS network address indicating the destination of the ICSnetwork packet, a receiving ATM address for indicating the other partyfor call setting of the virtual channel on the ATM network, and channelcapabilities such as communication speed requested by the virtualchannel, are registered in the ATM address conversion table 1533-5.Also, similar registration is made to the ATM address conversion table1533-6. In the embodiment, the values set in the ATM address conversiontable 1533-5 are as follows: “9922” which is the ICS network addressappropriated to the ICS logic terminal of the access control apparatus1010-6 is set as the communication address of the corporation Y, and theATM address “3999” which is uniquely appropriated to the conversion unit1033-6 within the ATM network is registered as the receiving ATMaddress. In the present embodiment, a communication speed of 64 Kbps isset as the channel capabilities. The contents registered to the ATMaddress conversion table 1533-5 are also written to the ATM addressadministration server 1633-5.

The values set in the ATM address conversion table 1533-6 are asfollows: “7711” which is the ICS network address appropriated to the ICSlogic terminal of the access control apparatus 1010-5 is set as thecommunication address of the corporation X, and the ATM address “3977”which is uniquely appropriated in the ATM network to the conversion unit1033-5 within the ATM exchange 10133-5 to which the access controlapparatus 1010-5 is connected is registered as the receiving ATMaddress. In the present embodiment, a communication speed of 64 Kbps isset as the channel capabilities. The contents registered to the ATMaddress conversion table 1533-6 are also written to the ATM addressadministration server 1633-6.

<<Transferring ICS Network Packets from the Access Control Apparatus>>

As described in Embodiment-1, the ICS user packets sent from a terminalof the corporation X toward the terminal of the corporation Y connectedto the access control apparatus 1010-6 via the access control apparatus1010-5 is encapsulated upon passing through the access control apparatus1010-5, and becomes an ICS network packet F1 having the transmitting ICSnetwork address “7711” and the receiving ICS network address “9922” asan ICS packet header. The ICS network packet F1 is sent from the accesscontrol apparatus 1010-5 to the ATM exchange 10133-5, and reaches theconversion unit 1033-5. The following is a description thereof made withreference to FIG. 31.

<<Obtaining a Virtual Channel ID>>

Once the conversion unit 1033-5 receives the ICS network packet F1 (StepS1601), there is the need to request a virtual channel ID of the SVCvirtual channel determined by the relation of the transmitting ICSnetwork address “7711” and the receiving ICS network address “9922” inthe ICS packet header, in order to correctly transfer the receivedpacket F1 to the ATM exchange 10133-5. In the case that thecommunication is based on the SVC, there are cases that the virtualchannel corresponding with the communication path is established at thetime of the receiving the ICS network packet, and cases in which thevirtual channel has not yet been established. In order to find outwhether or not the virtual channel has been established, the processingdevice 1233-5 first searches whether or not a virtual channelcorresponding with the pair of a transmitting ICS network address “7711”and a receiving ICS network address “9922” is registered in the VCaddress conversion table 1433-5 (Step S1602), and in the event thatthere is registration here, establishment of the virtual channel can bethus confirmed. That is, the fact that the virtual channel correspondingwith the pair of transmitting ICS network address “7711” and receivingICS network address “9922” is “33” is obtained, and further, it can befound that this virtual channel is communicating based on the SVC, fromthe value “11” of the channel type obtained at the same time. In theevent that there is no such registration on the VC address conversiontable 1433-5, the requested virtual channel is established with thelatter-described <<call setting>>, and the virtual channel ID isobtained from the information registered to the VC address conversiontable 1433-5 at that point (Step S1603).

<<Call Setting>>

Regarding the above-mentioned case wherein “there is no registration ofa virtual channel ID corresponding with a communication path determinedby correspondence between a transmitting ICS network address and areceiving ICS network address on the VC address conversion table1433-5”, i.e., in the case that there is no virtual channel IDcorresponding with the communication path established yet, it becomesnecessary to perform the following call setting, to establish a virtualchannel within the ATM network comprising ICS 905. An example ofoperation of the call setting will now be described.

The processing device 1233-5 of the conversion unit 1033-5, upon makingreference to the VC address conversion table 1433-5 and finding thatthere is no registration of a virtual channel ID corresponding with thepair of transmitting ICS network address “7711” and receiving ICSnetwork address “9922” (Step S1602), the processing device 1233-5 of theconversion unit 1033-5 refers to the VC address conversion table 1533-5,finds the receiving ICS network address “9922” registered in the VCaddress conversion table 1533-5 matching the receiving ICS networkaddress “9922”, and obtains transmitting ATM address “3999”corresponding thereto and channel capabilities “64K” correspondingthereto, and so forth. The processing device 1233-5 uses the obtainedtransmitting ATM address “3999” to perform a request for call setting tothe ATM exchange 10133-5, and also requested at this time is channelcapabilities such as communication speed of the virtual channelsimultaneously obtained from the VC address conversion table 1533-5 andso forth. The ATM exchange 10133-5, upon receiving the call settingrequest, uses a signal method which is provided standard to ATMexchanges proper as known technique to establish a virtual channelwithin the ATM network which reaches the ATM exchange 10133-6 (StepS1606).

The virtual channel ID appropriated for identification of the virtualchannel is notified from the ATM exchanges to conversion units 1033-5and 1033-6 therein, but in the event that this is based on stipulationsof a signal method according to known technique, the value notified fromthe calling party ATM exchange 10133-5 (e.g., “33”) and the valuenotified from the receiving party ATM exchange 10133-3 (e.g., “44”) maynot be the same value. At the conversion unit 1033-5, the virtualchannel ID “33” which is notified from the ATM exchange 10133-5 isregistered in the VC address conversion table 1433-5 along with thetransmitting ICS network address “7711” and the receiving ICS networkaddress “9922” (Step S1607), and stores these on the VC addressconversion table 1433-5 while the connection of this virtual channel isestablished. When the virtual channel connection is no longer necessary,the conversion unit 1033-5 requests call release of the virtual channelto the ATM exchange 10133-5, and at the same time deletes theregistration corresponding with virtual channel ID “33” on the VCaddress conversion table 1433-5. Registration to the VC addressconversion table 1433-6 in the conversion unit 1033-6 will be describedlater.

<<Packet Transfer>>

The processing device 1233-5 of the conversion unit 1033-5 converts theICS network packet F1 received from the access control apparatus 1010-5into a CPCS frame shown in FIG. 25 according to the virtual channel(virtual channel ID “33”) established according the above description,and further performs degradation into ATM cells as shown in FIG. 26 andtransfers to the relay ATM exchange 10133-7(Step S1604).

<<Transfer of ATM Cells>>

According to the above-described method, the ATM cell series S1comprised of a plurality of cells obtained by converting the ICS networkpacket F1 is transferred from the ATM exchange 10133-5 to the relay ATMexchange 10133-5, and further is transferred to the ATM exchange 10133-6as ATM cell series S2. The following is a description thereof withreference to the flowchart in FIG. 32.

<<Operation Following Arrival of Packet>>

Once the ATM cell series S2 reaches the ATM exchange 10133-6 (StepS1610), this ATM cell series S2 is transferred from the ATM exchange10133-6 to the conversion unit 1033-6. At the conversion unit 1033-6 asshown in FIG. 26, the received ATM cells are assembled into a CPCSframe, and further, as shown in FIG. 25, an ICS network packet isrestored from the CPCS frame (Step S1611). In FIG. 28, the restored ICSnetwork packet is shown as ICS network packet F2, but the contentsthereof are identical to that of the ICS network packet F1. The ICSnetwork packet F2 is transferred to an access control apparatusdetermined by the receiving ICS network address “9922” in the headerthereof, i.e., to access control apparatus 1010-6 which has an ICS logicterminal appropriated with ICS network address “9922” (Step S1612).

At this time, at the conversion unit 1033-6, the transmitting ICSnetwork address “7711”, the receiving ICS network address “9922”, thechannel type “11” indicating the fact this is SVC identified at thepoint of receiving the call, and the virtual channel ID “44”appropriated at the time of call setting of the SVC virtual channel areregistered in the VC address conversion table 1433-6 (Step S1614), andat this time, the transmitting ICS network address “7711” of the ICSnetwork packet F2 is written to the receiving ICS network address of theVC address conversion table 1433-6, and the receiving ICS networkaddress “9922” is written to the transmitting ICS network address of theVC address conversion table 1433-6, i.e., these are written in reversepositions. However, if at the point of registration an item alreadyexists within the VC address conversion table 1433-6 identical to thatregarding which registration is being attempted, no registration ismade. The address conversion information registered in the VC addressconversion table 1433-6 is stored on the VC address conversion table1433-5 while the connection of the virtual channel having acorresponding virtual channel (in this example, virtual channel ID “44”)is established (Step S1613).

<<Reverse Packet Flow>>

Now, description of the case of reverse flow of the ICS packet, i.e.,flow from a corporation Y to a corporation X, will be made withreference to FIGS. 27 and 28, under the presumption that call setting ofthe SVC virtual channel has been made according to the abovedescription. An ICS user packet sent out from the corporation Y to thecorporation X is converted into an ICS network packet F3 having thetransmitting ICS network address “9922” and the receiving ICS networkaddress “7711” in the header portion thereof, and the processingfollowing the flow shown in FIG. 31 as described above is performed bythe processing device 1233-6 of the conversion unit 1033-6 within theATM exchange 10133-6.

In this case, the VC address conversion table 1433-5 in the conversionunit 1033-6 has registered therein a virtual channel ID “44” with achannel type “11” which means SVC, corresponding with the transmittingICS network address “9922” and receiving ICS network address “7711”, sothe system operates following the flow(1) shown in FIG. 31, therebyconverting the ICS network packet F3 into a plurality of ATM cells (ATMseries S3) and transferring, with regard to the virtual channel ID “44”.The ICS network packet F3 is relayed and transferred by the relay ATMexchange 10133-5, become ATM series S4 and reach the ATM exchange10133-5, are received via the virtual channel having virtual channel ID“33” in the conversion unit 1033-6 thereof, and restored into an ICSnetwork packet F4 having identical contents with the ICS network packetF3. In the conversion unit 1033-5, the pair of the transmitting ICSnetwork address “9922” and the receiving ICS network address “7711” inthe header of the ICS network packet F4 is already registered in the VCaddress conversion table 1433-5 in reverse fashion, so registration tothe VC address conversion table is not performed, and the ICS networkpacket F4 is transferred to the access control apparatus 1010-5.

<<Example of Application to Half-Duplex Communication>>

The above description has been made with reference to cases wherein anICS packet is transferred from the corporation X to the corporation Y,and reverse from the corporation Y to the corporation X, with an networkwithin the ICS 905 having been configured of an ATM network, beingcarried out with a single SVC virtual channel. For example, applyingthis transfer and reverse transfer to a request packet to a serverterminal of the corporation Y to be connected to the ICS from a clientterminal of the corporation X to be connected to the ICS (transfer), anda response packet to this request packet from the client terminal of thecorporation X to server terminal of the corporation Y (reverse transfer)results in an application example of half-duplex communication in whichone-way communication is performed at times, and both-way communicationis realized by switching the communication direction by time frames.

<<Example of Application to Full-Duplex Communication>>

The virtual channel set on the ATM network is capable of full-duplexcommunication, i.e., simultaneous both-way communication, due to the ATMstipulations. For example, applying the transfer and reverse transfer torequest packets to a plurality of server terminals of the corporation Yto be connected to the ICS from a plurality of client terminals of thecorporation X to be connected to the ICS (transfer), and responsepackets to the request packets from the plurality of client terminals ofthe corporation X to the plurality of server terminals of thecorporation Y (reverse transfer) results in asynchronous transfer ofpackets between the client terminals and the server terminals, sosimultaneous both-way communication is conducted on the single SVCvirtual channel serving as the communication path, thereby making for anapplication example of full-duplex communication.

(4) Flow of Packets Using PVC

An embodiment wherein the network within the ICS 906 is configured withan ATM network and PVC is applied as a communication path within the ATMnetwork will be described with an example of an ICS user packet sentfrom a terminal of a corporation W toward a terminal of a corporation Z,with reference to FIGS. 27 and 28.

<<Preparation>>

A transmitting ICS network address, a receiving ICS address, the virtualchannel ID of the PVC fixed on the ATM network (indicating thecommunication path between the ATM exchange 10133-5 and the ATM exchange10133-6), and the channel type indicating that the virtual channel ID isPVC, are registered in the VC address conversion table 1433-5. Thisregistration is different from the case of SVC, in that registration ismade in the VC address conversion table 1433-5 at the same time that thePVC virtual channel is set in the ATM exchanges (10133-5, 10133-7,10133-6) serving as the communication path, and is saved in a fixedmanner while the communication path is necessary, i.e., until thesetting of the PVC virtual channel is canceled. Also, the registrationis made to the VC address conversion table 1433-6 in the same manner.Incidentally, the PVC virtual channel ID is appropriated to therespective ATM exchanges at the time that PVC is fixedly connectedbetween the ATM exchanges.

The values set in the VC address conversion table 1433-5 are as follows:value “7733” which is the transmitting ICS network address appropriatedto the ICS logic terminal of the access control apparatus 1010-7 is setas the communication address of the corporation W, and value “9944”which is the receiving ICS network address appropriated to the ICS logicterminal of the access control apparatus 1010-8 is set as thecommunication address of the corporation Z. Further, the PVC virtualchannel ID “55” which is appropriated to the ATM exchange 10133-5 is setas the virtual channel ID, and value “22” is set as the channel type,indicating the PVC. Also, settings for registering to the VC addressconversion table 1433-5 are written to the PVC address administrationserver 1733-5, and stored.

In the same way, similar settings are made in the VC address conversiontable 1433-6 in the conversion unit 1033-6 in the ATM exchange 10133-6,with the transmitting ICS network address and the receiving ICS networkaddress reversed. In this case, even if the same PVC is being implied,the virtual channel ID may be of a different value to the VC addressconversion table 1433-5. When the registering to VC address conversiontable 1433-6 in this instance, this is also written to and stored in thePVC address administration server 1733-6.

The values set in the VC address conversion table 1433-6 are as follows:value “9944” which is the transmitting ICS network address appropriatedto the ICS logic terminal of the access control apparatus 1010-8 is setas the communication address of the corporation Z, and value “7733”which is the receiving ICS network address appropriated to the ICS logicterminal of the access control apparatus 1010-7 is set as thecommunication address of the corporation W. Further, the PVC virtualchannel ID “66” which is appropriated to the ATM exchange 10133-6 is setas the virtual channel ID, and value “22” is set as the channel type,indicating PVC.

<<Transferring ICS Network Packets from Access Control Apparatus>>

The ICS user packet sent toward the terminal of the corporation Zconnected to the access control apparatus 1010-5 via the access controlapparatus 1010-7 is ICS-encapsulated upon passing through the accesscontrol apparatus 1010-7, and becomes an ICS network packet F5 havingthe transmitting ICS network address “7733” and the receiving ICSnetwork address “9944” as an ICS packet header. The ICS network packetF5 is sent from the access control apparatus 1010-7 to the ATM exchange10133-5, and reaches the conversion unit 1033-5 via the interface unit1133-5.

<<Obtaining a Virtual Channel ID>>

The processing device 1233-5 refers to the VC address conversion table1433-5 using the transmitting ICS network address “7733” and thereceiving ICS network address “9944” in the header of the received ICSnetwork packet F5, and obtains the fact that the virtual channel IDidentifying the virtual channel set between the conversion units 1033-5and 1033-6 inside the ATM exchange 10133-6 connected to the accesscontrol apparatus 1010-8 with the ICS logic terminal provided with areviving ICS network address “9944” is “55”. At the same time, it can befound that the virtual channel is PVC, from the value “22” of thechannel type obtained.

<<Transfer of Packets>>

The processing device 1233-5 converts the ICS network packet F5 receivedfrom the access control apparatus 1010-7 into an ATM cell series, andtransfers this to the ATM exchange 10133-7, with regard to the PVCvirtual channel “55” obtained as described above. The method of ATM cellconversion is the same as that described above in the embodiment of SVC.The above processing procedures of the conversion unit 1033-5 are asshown in FIG. 31, and PVC always follows the flow (1).

<<Transfer of ATM Cells>>

The ATM cell series S1 comprised of a plurality of cells obtained byconverting the ICS network packet F1 is transferred from the ATMexchange 10133-5 to the relay ATM exchange 10133-7, and further istransferred to the ATM exchange 10133-6 as ATM cell series S2. Thisoperation is the same as with SVC.

<<Operation Following Arrival of Packet>>

Once the ATM cell series S2 reaches the ATM exchange 10133-6, this ATMcell series S2 is transferred from the ATM exchange 10133-6 to theconversion unit 1033-6 within the ATM exchange 10133-6. The conversionunit 1033-6 assembles the received ATM cells into a CPCS frame, which isthe same as with SVC. In FIG. 28, the restored ICS network packet isshown as an ICS network packet F6, but the contents thereof areidentical to that of the ICS network packet F5. The ICS network packetF6 is transferred to an access control apparatus determined by thereceiving ICS network address “9944” in the header thereof, i.e., toaccess control device 1010-8 which has an ICS logic terminalappropriated with ICS network address “9944”. The above processingprocedures of the conversion unit 1033-6 are as shown in FIG. 32, andPVC always follows the flow (1).

<<Reverse Packet Flow>>

Next, description of the case of reverse flow of the ICS packet, i.e.,flow from the corporation Z to the corporation W, will be made withreference to FIGS. 27 and 28, in the same manner as above. An ICS userpacket sent out from the corporation Z to the corporation W isICS-encapsulated into an ICS network packet F7 having the transmittingICS network address “9944” and the receiving ICS network address “7733”in the header portion thereof, and the processing following the flowshown in FIG. 31 as described above is performed by the processingdevice 1233-6 of the conversion unit 1033-6 within the ATM exchange10133-6. In this case, the VC address conversion table 1433-6 in theconversion unit 1033-6 has registered therein a virtual channel ID “66”corresponding with a transmitting ICS network address “9944” and areceiving ICS network address “7733”, so the system converts the ICSnetwork packet F7 into a plurality of ATM cell series and transfers,with regard to the virtual channel ID “66”.

The ATM cell series transferred through the ATM network reach theconverting unit 1033-5 of the ATM exchange 10133-5, are received via thevirtual channel having virtual channel ID “55”, and restored into an ICSnetwork packet F8 having identical contents with the ICS network frameF7. However, in the conversion unit 1033-5, the pair of the transmittingICS network address “9944” and the receiving ICS network address “7733”in the header of the ICS network packet F4 is already registered in theVC address conversion table 1433-5 in reverse fashion, and informationthat the virtual channel ID “55” as to this transmitting/receivingaddress pair is channel type “22” is obtained, so registration to the VCaddress conversion table is not performed, and the ICS network packet F8is transferred to the access control apparatus 1010-7.

<<Example of Application to Half-Duplex Communication>>

The above description has been made with reference to an embodiment oftransferring an ICS packet using PVC with a network within ICS 905having been configured of an ATM network, but the difference between thePVC and the SVC is whether the virtual channel is fixed or called andset as necessary, so there is no difference in the operation itself oftransferring packets over the set virtual channel. Accordingly,regarding the ICS according to the present invention, an example ofapplication to half-duplex communication using an ATM network PVCvirtual channel is the same as an example of application to half-duplexcommunication using a SVC network PVC virtual channel.

<<Example of Application to Full-Duplex Communication>>

The example of application of PVC full-duplex communication isequivalent to the example of application of full-duplex communication inSVC, due to the same reason as the example of application to half-duplexcommunication.

(5) One-on-N or N-on-One Communication Using PVC

In the above example, an embodiment was described wherein one virtualchannel was described as a communication path connecting one corporation(location) with one corporation (location), i.e., a communication pathconnecting one ICS logic terminal with one ICS logic terminal, but onePVC virtual channel can be used as a communication path connecting oneICS logic terminal with a plurality of ICS logic terminals. SuchOne-on-N or N-on-one communication will be described with reference toFIGS. 33 and 34.

<<Description of Components>>

In FIGS. 33 and 34, regarding the access control apparatus 1010-10, thecorporation X is connected to an ATM exchange 10133-10 with an ICS logicterminal within the access control apparatus 1010-10 provided with theICS network address “7711”. With the parties to be reached from thecorporation X as the corporations A through D, the corporation A isconnected to an ICS logic terminal within the access control apparatus1010-20 provided with the ICS network address “9922”, and thecorporation B is connected to an ICS logic terminal within the accesscontrol apparatus 1010-20 provided with the ICS network address “9923”.In the same manner, the corporation C is connected to an ICS logicterminal within the access control apparatus 1010-40 provided with theICS network address “9944”, and the corporation D is connected to an ICSlogic terminal within the access control apparatus 1010-40 provided withthe ICS network address “9955”. The access control apparatuses 1010-20and 1010-40 are connected to the ATM exchange 10133-20, and the ATMexchanges 10133-10 and 10133-20 are connected via a relay network.

<<Preparation>>

With regard to the ATM exchanges 10133-10 and ATM 10133-20, a single PVCvirtual channel connecting the conversion unit 1033-10 within the ATMexchange 10133-10 and the conversion unit 1033-20 within the ATMexchange 10133-20, setting “33” as the virtual channel ID provided tothe conversion unit 1033-10 of the virtual channel, and “44” as thevirtual channel ID provided to the conversion unit 1033-20 of thevirtual channel. Registration such as shown in FIGS. 33 and 34 isperformed regarding the VC address conversion table 1433-1 within theconversion unit 1033-10 and the VC address conversion table 1433-20within the conversion unit 1033-20.

<<Packet Flow for One-on-N Communication>>

The flow of packets for one-on-N communication will be describedconcerning packets sent from the corporation X to each of thecorpo-rations A through D. An ICS network packet sent from thecorporation X toward the corporation A, having a transmitting ICSnetwork address “7711” and a receiving network address “9922”, istransferred to the PVC virtual channel with a virtual channel ID “33”,by means of making reference to the VC address conversion table 1433-20in the conversion unit 1033-10. An ICS network packet sent from thecorporation X toward the corporation B, having a transmitting ICSnetwork address “7711” and a receiving network address “9933”, is alsotransferred to the PVC virtual channel with a virtual channel ID “33”.An ICS network packet sent from the corporation X toward the corporationC, having a transmitting ICS network address “7711” and a receivingnetwork address “9944”, and An ICS network packet sent from thecorporation X toward the corporation D, having a transmitting ICSnetwork address “7711” and a receiving network address “9955” aretransferred to the PVC virtual channel with a virtual channel ID “33” inthe same manner. This indicates that one-on-N (corporation X tocorporations A through D) communication is being performed while sharinga single PVC virtual channel. Reverse packet flow, i.e., transfer fromthe corporations A through D to the corporation X, will be described inthe next section.

<<Packet Flow for N-on-One Communication>>

The flow of packets for N-on-one communication will be describedconcerning packets sent to the corporation X from each of thecorporations A through D. An ICS network packet sent toward thecorporation X from the corporation A, having a transmitting ICS networkaddress “9922” and a receiving network address “7711”, is transferred tothe PVC virtual channel with a virtual channel ID “44”, by means ofmaking reference to the VC address conversion table 1433-20 in theconversion unit 1033-20. An ICS network packet sent toward thecorporation X from the corporation B, having a transmitting ICS networkaddress “9933” and a receiving network address “7711”, is alsotransferred to the PVC virtual channel with a virtual channel ID “44”.An ICS network packet sent toward the corporation X from thecorpo-ration C, having a transmitting ICS network address “9944” and areceiving network address “7711”, and An ICS network packet sent towardthe corporation X from the corporation D, having a transmitting ICSnetwork address “9955” and a receiving network address “7711” aretransferred to the PVC virtual channel with a virtual channel ID “44” inthe same manner. This indicates that N-on-one (corporations A through Dto corporation X) communication is being performed while sharing asingle PVC virtual channel.

(6) N-on-N Communication Using PVC

Using the same method as one-on-N communication, one PVC virtual channelcan be used as a communication path connecting a plurality of ICS logicterminals with a plurality of ICS logic terminals. Such N-on-Ncommunication will be described with reference to FIGS. 35 and 36.

<<Description of Components>>

The corporation X has ICS logic terminal address “7711” of the accesscontrol apparatus 1010-11 as the contact point thereof, the corporationY has ICS logic terminal address “7722” of the access control apparatus1010-11 as the contact point thereof, and the access control apparatus1010-11 is connected to the ATM exchange 10133-11. With the other partywhich the corporation X or corporation Y is attempting to reach as thecorporation A or corporation C. The corporation A has ICS logic terminaladdress “9922” of the access control apparatus 1010-21 as the contactpoint thereof, the corporation Y has ICS logic terminal address “9944”of the access control apparatus 1010-41 as the contact point thereof.The access control apparatuses 1010-21 and 1010-4 are connected to theATM exchange 10133-21, and the ATM exchanges 10133-11 and 10133-21 areconnected via a relay network.

<<Preparation>>

With regard to the ATM exchanges 10133-11 and 10133-21, a single PVCvirtual channel connects the conversion unit 1033-11 within the ATMexchange 10133-11 and the conversion unit 1033-21 within the ATMexchange 10133-21, setting “33” as the virtual channel ID provided tothe conversion unit 1033-11 of the virtual channel, and “44” as thevirtual channel ID provided to the conversion unit 1033-21 of thevirtual channel. Registration such as shown in FIGS. 35 and 36 isperformed regarding the VC address conversion table 1433-11 within theconversion unit 1033-11 and the VC address conversion table 1433-21within the conversion unit 1033-21.

<<Packet Flow for N-on-N Communication>>

The flow of packets for N-on-N communication will first be describedconcerning packets sent from the corporation X to each of thecorporations A and C. An ICS network packet sent from the corporation Xtoward the corporation A, having a transmitting ICS network address“7711” and a receiving network address “9922”, is transferred to the PVCvirtual channel with a virtual channel ID “33”, by means of makingreference to the VC address conversion table 1433-11 in the conversionunit 1033-1. An ICS network packet sent from the corporation X towardthe corporation C, having a transmitting ICS network address “7711” anda receiving network address “9944”, is also transferred to the PVCvirtual channel with a virtual channel ID “33”. Next, the flow ofpackets will be described concerning packets sent from the corporation Yto each of the corporations A and C. An ICS network packet sent from thecorporation Y toward the corporation A, having a transmitting ICSnetwork address “7722” and a receiving network address “9922”, istransferred to the PVC virtual channel with a virtual channel ID “33”,by means of making reference to the VC address conversion table 1433-11in the conversion unit 1033-11. An ICS network packet sent from thecorporation Y toward the corporation C, having a transmitting ICSnetwork address “7722” and a receiving network address “9944”, is alsotransferred to the PVC virtual channel with a virtual channel ID “33”.

Next, reverse packet flow will be described concerning packets sent toeach of the corporations X and Y from the corporation A. An ICS networkpacket sent toward the corporation X from the corporation A, having atransmitting ICS network address “9922” and a receiving network address“7711”, is transferred to the PVC virtual channel with a virtual channelID “44”, by means of making reference to the VC address conversion table1433-21 in the conversion unit 1033-2. An ICS network packet sent towardthe corporation Y from the corporation A, having a transmitting ICSnetwork address “9922” and a receiving network address “7722”, is alsotransferred to the PVC virtual channel with a virtual channel ID “44”,by means of making reference to the VC address conversion table 1433-2in the conversion unit 1033-2. An ICS network packet sent toward thecorporation X from the corporation C, having a transmitting ICS networkaddress “9944” and a receiving network address “7711”, is transferred tothe PVC virtual channel with a virtual channel ID “44”. An ICS networkpacket sent toward the corporation Y from the corporation C, having atransmitting ICS network address “9944” and a receiving network address“7722”, is also transferred to the PVC virtual channel with a virtualchannel ID “44”. Thus, N-on-N communication is performed while sharing asingle PVC virtual channel.

Embodiment-4 Embodiment Using an FR Network

An embodiment will be described wherein the network inside the ICSaccording to the present invention is configured using an FR network.The present embodiment will be described in the following order: (1)supplementary explanation of FR-related conventional art, (2)description of components, (3) flow of packets using SVC, (4) flow ofpackets using PVC, (5) one-on-N or N-on-one communication using PVC, and(6) N-on-N communication using PVC. With the present embodiment, twotypes of methods using SVC or PVC may be used separately, or these maybe used in conjunction. Description will be given regarding each of thecases of using SVC and PVC. Also, intra-corporation communicationservice and inter-corporation communication service described inEmbodiment-1, and virtual dedicated line service described inEmbodiment-2, can both be realized with the access control apparatusaccording to the present invention, so there is no need to considerthese separately regarding network packet communication with the networkwithin the ICS. Rather, in the present embodiment, these communicationservices will be described integrally.

(1) Supplementary Explanation of FR-Related Conventional Art:

First, supplementary explanation will be made regarding FR-relatedconventional art to the extent that is necessary to describe the presentembodiment.

A frame relay consists of using communication information units calledpackets with variable lengths to perform communication and to specifythe communication path for each packet. This is a conventional art whichhas been standardized in the ITU.TI.233 Recommendations and so forthwhich have realized accumulated exchange of packets within a circuitnetwork, and also logic multiplexing (a technique for multiplexing asingle physical line into a plurality of logic lines). The service usingthe above technique is referred to as Frame Mode Bearer Service(hereafter referred to as “FMBS”), and stipulated for FMBS are: theFrame Switch Bearer Service (hereafter referred to as “FSBS”) whereinthe other party to which connection is to be made is selected (SVC); andthe Frame Relay Bearer Service (hereafter referred to as “FRBS”) whereinthe other party to which connection is to be made is fixed (PVC). Theterm “Frame Relay” generally only indicates FRBS (“Frame Relay” in thenarrow sense) at times, but with the present invention, “Frame Relay” isused as a term indicating all FMBS including FSBS and FRBS. In the eventthat only FSBS is to be specifically indicated, the term “frame relayusing SVC” will be used, and in the event that only FRBS is to bespecifically indicated, the term “frame relay using PVC” will be used.Hereafter, the above-defined “frame relay in the wide sense (FMBS)” willbe referred to as FR, and packets transferred over an FR network will becalled “FR packets” in order to distinguish these from ICS packets.

As described earlier, with an FR network, a plurality of logic lines canbe set on a physical line, these logic lines being referred to as logicchannels. Identifiers appropriated to FR terminals connecting to bothends of the logic channels (an overall reference to communicationequipment connected to the FR network and communicating using the FRnetwork) in order to identify the logic channels are called Data LinkConnection Identifiers (hereafter referred to as “DLCI”). SVC and PVCare stipulated to logic channels, depending on the way of setting. SVCperforms call setting of the logic channel when necessary, and iscapable of obtaining a logic line with any FR terminal for a necessaryduration, at a necessary speed. Call setting of the logic channel isperformed by the FR terminal attempting to initiate communication, themethod thereof being standardized in ITU-T. Call setting requires anaddress for identifying the FR terminal of the other party to which thecall is to be set (hereafter referred to as “FR address”), the FRaddresses being systematized so as to be unique in the FR network,thereby enabling identification of each FR terminal. PVC is for fixedlysetting a call setting to the FR exchange, and can be viewed as avirtual dedicated line from the point of the FR terminal.

Regarding the established logic channels, DLCIs for identifying logicchannels are appropriate for both SVC and PVC, and in the event oftransferring an FR packet, the DLCI is set at the DLCI bit portion onthe FR packet address portion shown in FIG. 37. There are three formatsstipulated for the FR packet address portion, FIG. 37 showing the 2-byteformat which is one of these. Logic channel capabilities (channelcapabilities) of the FR network include: Committed Information Rate(hereafter referred to as “CIR”) which is the information transfer speedguaranteed at a normal state (a state wherein there is no congestion) ofthe FR network.

There is the necessity to convert ICS network packets into FR packets inorder to send such communication packets over an FR network, as shown inFIG. 38. Reception of an FR packet results in reverse conversion,consisting of extracting and reproducing the communication packet (ICSnetwork packet) from the FR packet as shown in FIG. 38. Conversion ofthis FR packet has been standardized following the ITU-TRecommendations. Also, protocol headers within the FR packet userinformation have been standardized in RFC1490 of IETF.

(2) Description of Components:

FIGS. 39 and 40 show a forth embodiment of the present invention. In thepresent embodiment, the internal configuration of the access controlapparatus and the operation of the processing device within the accesscontrol apparatus are basically the same in principle as the descriptiongiven in Embodiment-1.

Appropriated to the access control apparatus 1010-5 are ICS networkaddresses “7711” and “7722”, serving as connection points (ICS logicterminals) for the corporations X and A which are the users of the ICS925. Also appropriated to the access control apparatus 1010-7 are ICSnetwork addresses “7733” and “7744”, serving as connection points forthe corporations W and C, similarly. Appropriated to the access controlapparatus 1010-6 are ICS network addresses “9922” and “9933”, serving asconnection points for the corporations Y and B, and similarlyappropriated to the access control apparatus 1010-8 are ICS networkaddresses “9944” and “9955”, serving as connection points for thecorporations Z and D. Here, in the embodiment shown in FIGS. 39 and 40,etc., the corporations X, Y and so forth, which are given as examples ofusers, may be differing locations within a single corporation whichperforms the intra-corporation communication, or may be differentcorporations which perform the inter-corporation communication.

An interface unit 1132-5 is provided in the conversion unit 1032-5within the FR exchange 10132-5, this interface unit 1132-5 handling theprocessing of rectifying interfacing of the communication line 1812-5connecting the access control apparatus 1010-5 and the FR exchange10132-5, and the communication line 1812-5 connecting the access controlapparatus 1010-7 and the FR exchange 10132-5 (physical layers, data linklayer protocol). The conversion unit 1032-5 is comprised of a processingdevice 1232-5, and also an FR address conversion table 1532-5 for callsetting with SVC, and a DLC address conversion table 1432-5 forconverting addresses from ICS network addresses used by both SVC and PVCto logic channel. Also, the FR exchange 10132-5 connects the FR addressadministration server 1632-5 serving as an information processing devicefor storing the FR address conversion table with, in the case of usingPVC, the DLC address administration server 1732-5 serving as aninformation processing device for storing the DLC address conversiontable, thereby performing an information processing relating to addressconversion. The components making up the FR exchange 10132-6 are thesame as the description given regarding the FR exchange 10132-5. In thepresent embodiment, the access control apparatuses 1010-5 and 1010-7 areconnected to the FR exchange 10132-5 via the communication lines 1810-5and 1810-7, respectively, and also, the access control apparatuses1010-6 and 1010-8 are connected to the FR exchange 10132-6 via thecommunication lines 1810-6 and 1810-8, respectively. An FR address“2977” unique to the network is set to the conversion unit 1032-5 withinthe FR exchange 10132-5, and an FR address “2999” unique to the networkis set to the conversion unit 1032-6 within the FR exchange 10132-6. TheFR exchanges 10132-5 and 10132-6 are connected via the FR relay network,but in the present embodiment, connecting is made via the FR exchange10132-7 representing the FR relay network.

(3) Flow of Packets Using SVC:

An embodiment wherein the network within an ICS is configured of an FRnetwork, and SVC is applied as a communication path within the FRnetwork, will be described with an example of an ICS user packet sentfrom a terminal of the corporation X toward a terminal of thecorporation Y, with reference to FIGS. 39 and 40.

<<Preparation>>

A receiving ICS network address indicating the destination of the ICSnetwork packet to be transferred from the conversion unit 1032-5 to theFR network, a receiving FR address for indicating the other party forcall setting of the logic channel on the FR network, and channelcapabilities such as communication speed requested by the logic channel,are registered in the FR address conversion table 1532-5 within theconversion unit 1032-5 inside the FR exchange 10132. Also, similarregistration is made to the FR address conversion table 1532-6.

In the embodiment, the values set in the FR address conversion table1532-5 are as follows: “9922” which is the ICS network addressappropriated to the ICS logic terminal of the access control apparatus1010-6 is set as the communication address of the corporation Y, and theFR address “2999” which is uniquely appropriated to the conversion unit1032-6 within the FR network is registered as the receiving FR address.In the present embodiment, a communication speed of 64 Kbps is set asthe channel capabilities. The contents registered to the FR addressconversion table 1532-5 are also written to the FR addressadministration server 1632-5.

The values set in the FR address conversion table 1532-6 are as follows:value “7711” which is the ICS network address appropriated to the ICSlogic terminal of the access control apparatus 1010-5 is set as thecommunication address of the corporation X, and the FR address “2977”which is uniquely appropriated in the FR network to the conversion unit1032-5 within the FR exchange 10132-5 to which the access controlapparatus 1010-5 is connected is registered as the receiving FR address.In the present embodiment, a communication speed of 64 Kbps is set asthe channel capabilities. The contents registered to the FR addressconversion table 1532-6 are also written to the FR addressadministration server 1632-6.

<<Transferring ICS Network Packets from Access Control Apparatus>>

The ICS user packet sent toward the terminal of the corporation Yconnected to the access control apparatus 1010-6 via the access controlapparatus 1010-5 is ICS-encapsulated upon passing through the accesscontrol apparatus 1010-5, and becomes an ICS network packet F1 havingthe transmitting ICS network address “7711” and the receiving ICSnetwork address “9922” as an ICS packet header. The ICS network packetF1 is sent from the access control apparatus 1010-5 to the FR exchange10132-5, and reaches the conversion unit 1032-5 via an interface unit1132-5 which processes conversion/rectifying of electric signals in thecommunication path. The following is a description thereof made withreference to the flowchart in FIG. 43.

<<Obtaining a DLCI>>

Once the conversion unit 1032-5 receives the ICS network packet F1 (StepS1701), there is the need to request a DLCI of the SVC logic channeldetermined by the relation of the transmitting ICS network address“7711” and the receiving ICS network address “9922” in the ICS packetheader, in order to correctly transfer the received packet F1 to the FRexchange 10132-5. In the case that the communication is based on SVC,there are cases that the logic channel corresponding with thecommunication path is established at the time of receiving the ICSnetwork packet, and cases in which the logic channel has not yet beenestablished. In order to find out whether or not the logic channel hasbeen established, the processing device 1232-5 first searches whether ornot a logic channel corresponding with the pair of a transmitting ICSnetwork address “7711” and a receiving ICS network address “9922” isregistered in the DLC address conversion table 1432-5 (Step S1702), andin the event that there is registration here, establishment of the logicchannel can be thus confirmed. That is, the fact that the logic channelcorresponding with the pair of transmitting ICS network address “7711”and receiving ICS network address “9922” is “16” is obtained, andfurther, it can be found that this logic channel is communicating basedon SVC, from the value “10” of the channel type obtained at the sametime. In the event that there is no such registration on the DLC addressconversion table 1432-5, the requested logic channel is established withthe latter-described <<call setting>>, and DLCI is obtained from theinformation registered to the DLC address conversion table 1432-5 atthat point (Step S1703).

<<Call Setting>>

Regarding the above-mentioned case wherein “there is no registration ofa DLCI corresponding with a communications path determined bycorrespondence between a transmitting ICS network address and areceiving ICS network address on the DLC address conversion table1432-5”, i.e., in the case that there is no DLCI corresponding with thiscommunications path established yet, it becomes necessary to perform thefollowing call setting, to establish a logic channel within the FRnetwork comprising ICS 925. An example of operation of the call settingwill now be described.

The processing device 1232-5 of the conversion unit 1032-5, upon makingreference to the DLC address conversion table 1432-5 and finding thatthere is no registration of a DLCI corresponding with the pair oftransmitting ICS network address “7711” and receiving ICS networkaddress “9922” (Step S1702), the processing device 1232-5 of theconversion unit 1032-5 refers to the DLC address conversion table1532-5, finds the receiving ICS network address “9922” registered in theDLC address conversion table 1532-5 matching the receiving ICS networkaddress “9922”, and obtains transmitting FR address “2999” correspondingthereto and channel capabilities “64K” corresponding thereto, and soforth (Step S1705). As described in the above <<Preparation>> section,this transmitting FR address “2999” is an address which is uniquelyappropriated within the FR network to the conversion unit 1032-6 in theFR exchange 10132-6 to which the access control apparatus 1010-6 isconnected, this access control apparatus 1010-6 having the ICS logicterminal provided with a receiving ICS network address “9922”.

The processing device 1232-5 uses the obtained transmitting FR address“2999” to perform a request for call setting to the FR exchange 10132-5,and also requested at this time is channel capabilities such ascommunication speed of the logic channel simultaneously obtained fromthe FR address conversion table 1532-5 and so forth (Step S1706). The FRexchange 10132-5, upon receiving the call setting request, uses a signalmethod which is provided standard to FR exchanges proper as knowntechnique to establish a logic channel within the FR network whichreaches the FR exchange 10132-6. The DLCI appropriated foridentification of the logic channel is notified from the FR exchanges toconversion units 1032-5 and 1032-6 therein, but in the event that thisis based on stipulations of a signal method according to knowntechnique, the value notified from the calling party FR exchange 10132-5(e.g., “16”) and the value notified from the receiving party FR exchange10132-3 (e.g., “26”) may not be the same value. At the conversion unit1032-5, the DLCI “16” which is notified from the FR exchange 10132-5 isregistered in the FR address conversion table 1432-5 along with thetransmitting ICS network address “7711” and the receiving ICS networkaddress “9922” (Step S1707), and stores these on the FR addressconversion table 1432-5 while the connection of the above logic channelis established. When the logic channel connection is no longernecessary, the conversion unit 1032-5 requests call release of the logicchannel to the FR exchange 10132-5, and at the same time deletes theregistration corresponding with DLCI “16” on the FR address conversiontable 1432-5. Registration to the FR address conversion table 1432-6 inthe conversion unit 1032-6 will be described later.

<<Packet Transfer>>

The processing device 1232-5 of the conversion unit 1032-5 converts theICS network packet F1 received from the access control apparatus 1010-5into a FR packet shown in FIG. 38 according to the logic channel(DLCI“16”) established according the above description, and further performsthe conversion into FR packets and transfers to the relay FR exchange10132-7 (Step S1704).

<<Transfer of FR Packets>>

According to the above-described method, the FR packet S1 obtained byconverting the ICS network packet F1 is transferred from the FR exchange10132-5 to the relay FR exchange 10132-5, and further is transferred tothe FR exchange 10132-6 as FR packet S2. The following is a descriptionthereof with reference to the flowchart in FIG. 44.

<<Operation Following Arrival of Packet>>

Once the FR packet S2 reaches the FR exchange 10132-6 (Step S1710), thisFR packet S2 is transferred from the FR exchange 10132-6 to theconversion unit 1032-6. At the conversion unit 1032-6, as shown in FIG.38, an ICS network packet is restored from the received FR packet (StepS1711). In FIG. 40, the restored ICS network packet is shown as an ICSnetwork packet F2, but the contents thereof are identical to that of theICS network packet F1. The ICS network packet F2 is transferred to anaccess control apparatus determined by the receiving ICS network address“9922” in the header thereof, i.e., to access control apparatus 1010-6which has an ICS logic terminal appropriated with ICS network address“9922” (Step S1712).

At this time, at the conversion unit 1032-6, the transmitting ICSnetwork address “7711”, the receiving ICS network address “9922”, thechannel type “10” indicating the fact this is SVC identified at thepoint of receiving the call, and DLCI “26” appropriated at the time ofcall setting of the SVC logic channel are registered in the FR addressconversion table 1432-6 (Step S1714), and at this time, the transmittingICS network address “7711” of the ICS network packet F2 is written tothe receiving ICS network address of the FR address conversion table1432-6, and the receiving ICS network address “9922” is written to thetransmitting ICS network address of the FR address conversion table1432-6, i.e., these are written in reverse positions. However, if at thepoint of registration an item already exists within the FR addressconversion table 1432-6 identical to that regarding which registrationis being attempted, no registration is made. The address conversioninformation registered in the FR address conversion table 1432-6 isstored on the DLC address conversion table 1432-6 while the connectionof the logic channel having a corresponding logic channel (in thisexample, DLCI “26”) is established.

<<Reverse Packet Flow>>

Now, description of the case of reverse flow of the ICS packet, i.e.,flow from the corporation Y to the corporation X, will be made withreference to FIGS. 39 and 40, under the presumption that call setting ofthe SVC logic channel has been made according to the above description.

An ICS user packet sent out from the corporation Y to the corporation Xis ICS-encapsulated upon passing through the access control apparatus1010-6 and is converted into an ICS network packet F3 having thetransmitting ICS network address “9922” and the receiving ICS networkaddress “7711” in the header portion thereof, and is transferred to theconversion unit 1032-6 within the FR exchange 10132-6. The processingfollowing the flow shown in FIG. 43 as described above is performed bythe processing device 1232-6 of the conversion unit 1032-6, but the FRaddress conversion table 1432-5 in the conversion unit 1032-6 hasregistered therein a DLCI “26” with a channel type “10” which means SVC,corresponding with transmitting ICS network address “9922” and receivingICS network address “7711”, so the system operates following the flow(1) shown in FIG. 43, thereby converting the ICS network packets F3 intoan FR packet (FR packet S3) and transferring, with regard to DLCI “26”.

The FR packet S3 is relayed and transferred by the relay FR exchange10132-5, become FR packet S4 and reach the FR exchange 10132-5, arereceived via the logic channel having DLCI “16” in the conversion unit1032-6 thereof, and restored into an ICS network packet F4 havingidentical contents with the ICS network packet F3. In the conversionunit 1032-5, the pair of the transmitting ICS network address “9922” andthe receiving ICS network address “7711” in the header of the ICSnetwork packet F4 is already registered in the FR address conversiontable 1432-5 in reverse fashion, so registration to the FR addressconversion table is not performed, and the ICS network packet F4 istransferred to the access control apparatus 1010-5.

<<Example of Application to Half-Duplex Communication>>

The above description has been made with reference to cases wherein anICS packet is transferred from the corporation X to the corporation Y,and reverse from the corporation Y to the corporation X, with an networkwithin ICS 925 having been configured of an FR network, being carriedout with a single SVC logic channel. For example, applying the transferand reverse transfer to a request packet to a server terminal of thecorporation Y to be connected to the ICS from a client terminal of thecorporation X to be connected to the ICS (transfer), and a responsepacket to the request packet from the client terminal of the corporationX to server terminal of the corporation Y (reverse transfer) results inan application example of half-duplex communication in which one-waycommunication is performed at times, and both-way communication isrealized by switching the communication direction by time frames.

<<Example of Application to Full-Duplex Communication>>

The logic channel set on the FR network is capable of full-duplexcommunication, i.e., simultaneous both-way communication, due to the FRstipulations. For example, applying the transfer and reverse transfer torequest packets to a plurality of server terminals of the corporation Yto be connected to the ICS from a plurality of client terminals of thecorporation X to be connected to the ICS (transfer), and responsepackets to the request packets from the plurality of client terminals ofthe corporation X to the plurality of server terminals of thecorporation Y (reverse transfer) results in asynchronous transfer ofpackets between the client terminals and the server terminals, sosimultaneous both-way communication is conducted on the single SVC logicchannel serving as the communication path, thereby making for anapplication example of full-duplex communication.

(4) Flow of Packets Using PVC:

An embodiment wherein the network within the ICS 925 is configured withan FR network and PVC is applied as a communication path within the FRnetwork will be described with an example of an ICS user packet sentfrom a terminal of the corporation W toward a terminal of thecorporation Z.

<<Preparation>>

A transmitting ICS network address of an ICS network packet to betransferred to the FR network from the conversion unit 1032-5, areceiving ICS address, the DLCI of the PVC fixed on the FR network(indicating the communication path between the FR exchange 10132-5 andthe FR exchange 10132-6), and the channel type indicating that the DLCIis PVC, are registered in the FR address conversion table 1432-5. Thisregistration is different from the case of SVC, in that registration ismade in the FR address conversion table 1432-5 at the same time that thePVC logic channel is set in the FR exchanges (10132-5, 10132-5, 10132-6)serving as the communication path, and is saved in a fixed manner whilethe communication path is necessary, i.e., until the setting of the PVClogic channel is canceled. Also, the registration is made to the DLCaddress conversion table 1432-6 in the same manner. Incidentally, theDLCI of PVC is appropriated to the respective FR exchanges at the timethat PVC is fixedly connected between the FR exchanges.

The values set in the DLC address conversion table 1432-5 are asfollows: value “7733” which is the transmitting ICS network addressappropriated to the ICS logic terminal of the access control apparatus1010-7 is set as the communication address of the corporation W, andvalue “9944” which is the receiving ICS network address appropriated tothe ICS logic terminal of the access control apparatus 1010-8 is set asthe communication address of the corporation Z. Further, PVC logicchannel ID “18” which is appropriated to the FR exchange 10132-5 is setas the DLCI, and value “20” is set for the channel type, indicating PVC.Also, settings for registering to the DLC address conversion table1432-5 are written to the DLC address administration server 1732-5, andstored. In the same way, similar settings are made in the DLC addressconversion table 1432-6 in the conversion unit 1032-6 in the FR exchange10132-6, with the transmitting ICS network address and the receiving ICSnetwork address reversed. In this case, even if the same PVC is beingimplied, the DLCI may be of a different value to the DLC addressconversion table 1432-5.

The values set in the DLC address conversion table 1432-6 are asfollows: value “9944” which is the transmitting ICS network addressappropriated to the ICS logic terminal of the access control apparatus1010-8 is set as the communication address of the corporation Z, andvalue “7733” which is the receiving ICS network address appropriated tothe ICS logic terminal of the access control apparatus 1010-7 is set asthe communication address of the corporation W. Further, PVC logicchannel ID “28” which is appropriated to the FR exchange 10132-6 is setas the DLCI, and value “20” is set as the channel type, indicating PVC.Also, settings registered to the DLC address conversion table 1432-6 arealso written to and store in the DLC address administration server1732-6.

<<Transferring ICS Network Packets from the Access Control Device>>

As described in Embodiment-1, the ICS user packet sent toward theterminal of the corporation Z connected to the access control apparatus1010-8 via the access control apparatus 1010-7 is ICS-encapsulated uponpassing through the access control apparatus 1010-7, and becomes an ICSnetwork packet F5 having the transmitting ICS network address “7733” andthe receiving ICS network address “9944” as an ICS packet header. TheICS network packet F5 is sent from the access control apparatus 1010-7to the FR exchange 10132-5, and reaches the conversion unit 1032-5.

<<Obtaining a DLCI>>

The processing device 1232-5 refers to the DLC address conversion table1432-5 using the transmitting ICS network address “7733” and thereceiving ICS network address “9944” in the header of the receivednetwork packet F5, and obtains the fact that the DLCI identifying thelogic channel set as a communication path for this ICS network addresspair is “18”. At the same time, it can be found that this logic channelis PVC, from the value “20” of the channel type obtained.

<<Transfer of Packet>>

The processing device 1232-5 converts the ICS network packet F5 receivedfrom the access control apparatus 1010-7 into an FR frame, and transfersit to FR exchange 10132-7, with regard to the PVC logic channel “18”obtained as described above. The method of FR packet conversion is thesame as that described above in the embodiment of SVC. The aboveprocessing procedures of the conversion unit 1032-5 are as shown in FIG.43, and PVC always follows the flow (1).

<<Transfer of FR Packet>>

The FR packet S1 comprised of a plurality of cells obtained byconverting the ICS network packet F5 is transferred from the FR exchange10132-5 to the relay FR exchange 10132-5, and further is transferred tothe FR exchange 10132-6 as FR packet S2. This operation is the same aswith SVC.

<<Operation Following Arrival of Packet>>

Once the FR packet S2 reaches the FR exchange 10132-6, this FR packet S2is transferred from the FR exchange 10132-6 to the conversion unit1032-6 within the FR exchange 10132-6. The conversion unit 1032-6restored the received FR packet into an ICS network packet, which is thesame as with SVC. In FIG. 40, the restored ICS network packet is shownas ICS network packet F6, but the contents thereof are identical to thatof the ICS network packet F5. The ICS network packet F6 is transferredto an access control apparatus determined by the receiving ICS networkaddress “9944” in the header thereof, i.e., to access control apparatus1010-8 which has an ICS logic terminal appropriated with the ICS networkaddress “9944”. The above processing procedures of the conversion unit1032-6 are as shown in FIG. 44, and PVC always follows the flow (1).

<<Reverse Packet Flow>>

Next, description of the case of reverse flow of the ICS packet, i.e.,flow from the corporation Z to the corporation W, will be made, with anPVC logic channel as the communication path. An ICS user packet sent outfrom the corporation Z to the corporation W is ICS-encapsulated into anICS network packet F7 having the transmitting ICS network address “9944”and the receiving ICS network address “7733” in the header portionthereof when passing through the access control apparatus 1010-8, and istransferred to the conversion unit 1032-6 within the FR exchange10132-6. The processing following the flow shown in FIG. 43 is performedby the processing device 1232-6 of the conversion unit 1032-6. In thiscase, the DLC address conversion table 1432-5 in the conversion unit1032-6 has registered therein a DLCI “28” corresponding with thetransmitting ICS network address “9944” and the receiving ICS networkaddress “7733”, so the system converts the ICS network packets F7 intoan FR packet and transfers, with regard to DLCI “28”.

The FR packet transferred through the FR network reach the conversionunit 1032-5 of the FR exchange 10132-5, are received via the logicchannel having DLCI “18”, and restored into an ICS network packet F8having identical contents with the ICS network packet F7. However, inthe conversion unit 1032-5, the pair of the transmitting ICS networkaddress “9944” and the receiving ICS network address “7733” in theheader of the ICS network packet F8 is already registered in the DLCaddress conversion table 1432-5 in reverse fashion, and an informationthat the DLCI “18” as to this transmitting/receiving address pair ischannel type “20” is obtained, so the registration to the FR addressconversion table is not performed, and the ICS network packet F8 istransferred to the access control apparatus 1010-7.

<<Example of Application to Half-Duplex Communication>>

The above description has been made with reference to an embodiment oftransferring an ICS packet using PVC with a network within ICS 925having been configured of an FR network, but the difference between PVCand the earlier-described SVC is whether the logic channel is fixed orcalled and set as necessary, so there is no difference in the operationitself of transferring packets over the set logic channel. Accordingly,regarding the ICS according to the present invention, an example ofapplication to half-duplex communication using an FR network with a PVClogic channel is the same as an example of application to half-duplexcommunication using a SVC logic channel.

<<Example of Application to Full-Duplex Communication>>

Due to the same reason as that regarding the example of application tofull-duplex communication, an example of application to PVC full-duplexcommunication is the same as an example of application to SVCfull-duplex communication.

(5) One-on-N or N-on-One Communication Using PVC:

In the above example, an embodiment was described wherein one logicchannel was described as a communication path connecting one corporation(location) with one corporation (location), i.e., a communication pathconnecting one ICS logic terminal with one ICS logic terminal, but onePVC logic channel can be used as a communication path connecting one ICSlogic terminal with a plurality of ICS logic terminals. Such One-on-N orN-on-one communication will be described with reference to FIGS. 45 and46.

<<Description of Components>>

The corporation X is connected with an ICS logic terminal within theaccess control apparatus 1010-10 provided with the ICS network address“7711”, and the access control apparatus 1010-52 is connected to the FRexchange 10132-52. With the parties to be reached from the corporation Xas the corporations A through D, the corporation A is connected to anICS logic terminal within the access control apparatus 1010-62 providedwith the ICS network address “9922”, and the corporation B is connectedto an ICS logic terminal within the access control apparatus 1010-62provided with the ICS network address “9923”. In the same manner, thecorporation C is connected to an ICS logic terminal within the accesscontrol apparatus 1010-82 provided with the ICS network address “9944”,and the corporation D is connected to an ICS logic terminal within theaccess control apparatus 1010-82 provided with the ICS network address“9955”. The access control apparatuses 1010-62 and 1010-82 are connectedto the FR exchange 10132-62, and the FR exchange 10132-52 and FRexchange 10132-62 are connected via a relay network.

<<Preparation>>

With regard to the FR exchanges 10132-52 and 10132-62, a single PVClogic channel connecting the conversion unit 1032-52 within the FRexchange 10132-52 and the conversion unit 1032-62 within the FR exchange10132-62, setting “16” as the DLCI provided to the conversion unit1032-52 of the logic channel, and “26” as the DLCI provided to theconversion unit 1032-62 of the logic channel. Registration such as shownin FIGS. 45 and 46 is performed regarding the DLC address conversiontable 1432-52 within the conversion unit 1032-52 and the DLC addressconversion table 1432-62 within the conversion unit 1032-62.

<<Frame Flow for One-on-N Communication>>

The flow of packet for one-on-N communication will be describedconcerning packet sent from the corporation X to each of thecorporations A through D. An ICS network packet sent from thecorporation X toward the corporation A, having a transmitting ICSnetwork address “7711” and a receiving network address “9922”, istransferred to the PVC logic channel with a DLCI “16”, by means ofmaking reference to the DLC address conversion table 1432-62 in theconversion unit 1032-52. An ICS network packet sent from the corporationX toward the corporation B, having a transmitting ICS network address“7711” and a receiving network address “9933”, is also transferred tothe PVC logic channel with a DLCI “16”. An ICS network packet sent fromthe corporation X toward the corporation C, having a transmitting ICSnetwork address “7711” and a receiving network address “9944”, and anICS network packet sent from the corporation X toward the corporation D,having a transmitting ICS network address “7711” and a receiving networkaddress “9955” are transferred to the PVC logic channel with a DLCI “16”in the same manner. This indicates that one-on-N (the corporation X tothe corporations A through D) communication is being performed whilesharing a single PVC logic channel. Reverse packet flow, i.e., transferfrom the corporations A through D to the corporation X, will bedescribed next.

<<Packet Flow for N-on-One Communication>>

The flow of packet for N-on-one communication will be describedconcerning packet sent to the corporation X from each of thecorporations A through D. An ICS network packet sent toward thecorporation X from the corporation A, having a transmitting ICS networkaddress “9922” and a receiving network address “7711”, is transferred tothe PVC logic channel with a DLCI “26”, by means of making reference tothe DLC address conversion table 1432-62 in the conversion unit 1032-62.An ICS network packet sent toward the corporation X from the corporationB, having a transmitting ICS network address “9933” and a receivingnetwork address “7711”, is also transferred to the PVC logic channelwith a DLCI “26”. An ICS network packet sent toward the corporation Xfrom the corporation C, having a transmitting ICS network address “9944”and a receiving network address “7711”, and An ICS network packet senttoward the corporation X from the corporation D, having a transmittingICS network address “9955” and a receiving network address “7711” aretransferred to the PVC logic channel with a DLCI “26” in the samemanner. This indicates that N-on-one (the corporations A through D tothe corporation X) communication is being performed while sharing asingle PVC logic channel.

(6) N-on-N Communication Using PVC:

Using the same method as one-on-N communication, one PVC logic channelcan be used as a communication path connecting a plurality of ICS logicterminals with a plurality of ICS logic terminals. Such N-on-Ncommunication will be described with reference to FIGS. 47 and 48.

<<Description of Components>>

The corporation X has ICS logic terminal address “7711” of the accesscontrol apparatus 1010-13 as the contact point thereof, the corporationY has ICS logic terminal address “7722” of the access control apparatus1010-13 as the contact point thereof, and the access control apparatus1010-13 is connected to the FR exchange 10132-13. With the other partywhich the corporation X or corporation Y is attempting to reach as thecorporation A or corporation C, the corporation A has ICS logic terminaladdress “9922” of the access control apparatus 1010-23 as the contactpoint thereof, the corporation Y has ICS logic terminal address “9944”of the access control apparatus 1010-43 as the contact point thereof.The access control apparatuses 1010-23 and 1010-43 are connected to theFR exchange 10132-23, and the FR exchanges 10132-13 and 10132-23 areconnected via a relay network.

<<Preparation>>

With regard to the FR exchanges 10132-13 and 10132-23, a single PVClogic channel connects the conversion unit 1032-13 within the FRexchange 10132-13 and the conversion unit 1032-23 within the FR exchange10132-23, setting “16” as the DLCI provided to the conversion unit1032-13 of the logic channel, and “26” as the DLCI provided to theconversion unit 1032-23 of the logic channel. The registration such asshown in FIGS. 47 and 48 is performed regarding the DLC addressconversion table 1432-13 within the conversion unit 1032-13 and the DLCaddress conversion table 1432-23 within the conversion unit 1032-23.

<<Packet Flow for N-on-N Communication>>

The flow of packets for N-on-N communication will first be describedconcerning packets sent from the corporation X to each of thecorporations A and C. An ICS network packet sent from the corporation Xtoward the corporation A, having a transmitting ICS network address“7711” and a receiving network address “9922”, is transferred to the PVClogic channel with a DLCI “16”, by means of making reference to the DLCaddress conversion table 1432-13 in the conversion unit 1032-13. An ICSnetwork packet sent from the corporation X toward the corporation C,having a transmitting ICS network address “7711” and a receiving networkaddress “9944”, is also transferred to the PVC logic channel with a DLCI“16”. Next, the flow of packet will be described concerning packets sentfrom the corporation Y to each of the corporations A and C. An ICSnetwork packet sent from the corporation Y toward the corporation A,having a transmitting ICS network address “7722” and a receiving networkaddress “9922”, is transferred to the PVC logic channel with a DLCI“16”, by means of making reference to the DLC address conversion table1432-13 in the conversion unit 1032-13. An ICS network packet sent fromthe corporation Y toward the corporation C, having a transmitting ICSnetwork address “7722” and a receiving network address “9944”, is alsotransferred to the PVC logic channel with a DLCI “16”.

Next, reverse packet flow will be described concerning packets sent toeach of the corporations X and Y from the corporation A. An ICS networkpacket sent toward the corporation X from the corporation A, having atransmitting ICS network address “9922” and a receiving network address“7711”, is transferred to the PVC logic channel with a DLCI “26”, bymeans of making reference to the DLC address conversion table 1432-23 inthe conversion unit 1032-2. An ICS network packet sent toward thecorporation Y from the corporation A, having a transmitting ICS networkaddress “9922” and a receiving network address “7722”, is alsotransferred to the PVC logic channel with a DLCI “26”. An ICS networkpacket sent toward the corporation X from the corporation C, having atransmitting ICS network address “9944” and a receiving network address“7711”, is transferred to the PVC logic channel with a DLCI “26”. An ICSnetwork packet sent toward the corporation Y from the corporation C,having a transmitting ICS network address “9944” and a receiving networkaddress “7722”, is also transferred to the PVC logic channel with a DLCI“26”. Thus, N-on-N communication is performed while sharing a single PVClogic channel.

Embodiment-5 Containment of Telephone Line, Isdn Line, CATV Line,Satellite Line, IPX Line, Cellular Phone Line

As described in Embodiment-1 and Embodiment-2, connection to accesscontrol apparatuses which serve as access points is not limited tocommunication lines to LANs (dedicated lines, etc.), but rather,telephone lines, ISDN lines, CATV lines, satellite lines, IPX lines andcellular phone lines may also be contained. The following is adescription of an embodiment.

FIG. 49 through FIG. 52 illustrate an example of a system containingtelephone lines, ISDN lines, CATV lines, satellite lines, IPX lines andcellular phone lines, according to the ICS 6000. The line portions6011-1 and 6011-2 are made up of telephone line conversion units 6030-1and 6030-2, ISDN line conversion units 6029-1 and 6029-2, CATV lineconversion units 6028-1 and 6028-2, satellite line conversion units6027-1 and 6027-2, IPX line conversion units 6026-1 and 6026-2, andcellular phone line conversion units 6025-1 and 6025-2. The telephoneline conversion units 6030-1 and 6030-2 have capabilities for conversionand reverse-conversion equivalent to physical layers and data linklayers (first layer and second layer of OSI(Open SystemsInterconnection) communication protocol) between the telephone lines6160-1 and 6160-2 and the access control apparatuses 6010-1 and 6010-2.Also, the ISDN line conversion units 6029-1 and 6029-2 have capabilitiesfor conversion and reverse-conversion equivalent to physical layers anddata link layers between the ISDN lines 6161-1 and 6161-2 and the accesscontrol apparatuses 6010-1 and 6010-2, and the CATV line conversionunits 6028-1 and 6028-2 have capabilities for conversion andreverse-conversion equivalent to physical layers and data link layersbetween the CATV lines 6162-1 and 6162-2 and the access controlapparatuses 6010-1 and 6010-2. Further, the satellite line conversionunits 6027-1 and 6027-2 have capabilities for conversion andreverse-conversion equivalent to physical layers and data link layersbetween the satellite lines 6163-1 and 6163-2 and the access controlapparatuses 6010-1 and 6010-2, and the IPX conversion units 6026-1 and6026-2 have capabilities for conversion and reverse-conversionequivalent to physical layers and data link layers between the IPX lines6164-1 and 6164-2 and the access control apparatuses 6010-1 and 6010-2.The cellular phone conversion units 6025-1 and 6025-2 have capabilitiesfor conversion and reverse-conversion equivalent to physical layers anddata link layers between the cellular phone wireless lines 6165-1 and6165-2 and the access control apparatuses 6010-1 and 6010-2. An exampleof the conversion table 6013-1 is shown in FIG. 53.

The ICS packet interface network 6050 transfers ICS network packetsfollowing the RFC791 or RFC1883 stipulations, without change in the ICSnetwork packet format. The X.25 network 6040 accepts ICS network packetsand converts these to X.25 format and transfers, and at the endreverse-converts these into ICS network packet format and outputs. TheFR network 6041 accepts ICS network packets and converts these to FRformat and transfers, and at the end reverse-converts these into ICSnetwork packet format and outputs. The ATM network 6042 accepts ICSnetwork packets and converts these to ATM format and transfers, and atthe end reverse-converts these into ICS network packet format andoutputs. The satellite communication network 6043 accepts ICS networkpackets and transfers the information using the satellite, and at theend reverse-converts these into ICS network packet format and outputs.Also, the CATV line network 6044 accepts ICS network packets andconverts into CATV format packets and transfers the contents thereof,and at the end reverse-converts these into ICS network packet format andoutputs.

<<Common Preparation>>

The conversion table 6013-1 within the access control apparatus 6010-1contains the transmitting ICS network address, the sender ICS useraddress, the receiver ICS user address, the receiving ICS networkaddress, the request identification and the speed as shown in FIG. 53.The request identification represents services and connections, e.g., asfollows: value “1” indicates intra-corporation service, value “2”indicates inter-corporation service, value “3” indicates virtualdedicated line connection, and value “4” indicates ICS serverconnection. The conversion table 6013-1 contains addresses registeredtherein with the same method as that described in Embodiment-1 andEmbodiment-2. The ICS network server 670 has an ICS user address of“2000” and an ICS network address of “7821”, and is connected to theaccess control apparatus 6010-1 via ICS communications line 6081-1. Theconversion table 6013-1 contains the receiver ICS user address “2000” ofthe ICS network server 670, receiving ICS network address of “7821” andrequest identification of “4”.

The operation thereof is described with reference to FIG. 54.

<<Communication from a Telephone Line to an ISDN Line>>

The user 6060-1 sends out the ICS user frame F110 with a sender ICS useraddress “3400” and a receiver ICS user address “2500” to the accesscontrol apparatus 6010-1 via the telephone line 6160-1. The accesscontrol apparatus 6010-1 receives the ICS user packet F110 from thetelephone line conversion unit 6030-1 with the ICS network address“7721” (Step S1800), and checks whether or not the ICS network address“7721” is registered on the conversion table 6013-1 with the requestidentification as virtual dedicated line connection “3” (Step S1801). Inthis case, the registration has not been made, so next, the accesscontrol apparatus 6010-1 checks that the receiver ICS user address“2500” is registered on the conversion table 6013-1 (Step S1803) andthat the request identification has been registered as inter-corporationcommunication “2” (Step S1804). In this case, the registration has beenmade, so the receiving ICS network address “5522” is obtained from theconversion table 6013-1, processing such as billing related to theinter-corporation communication is performed (Step S1805), the ICS userpacket F110 is ICS-encapsulated (Step S1820), converted into an ICSnetwork packet F120, and sent to the ICS packet transfer network 6030via ICS network communication line 6080-1 (Step S1825).

<<Communication from an Isdn Line to a CATV Line>>

The user 6061-1 sends out the ICS user packet F111 with a sender ICSuser address “3500” and a receiver ICS user address “2600” to the accesscontrol apparatus 6010-1 via the ISDN line 6161-1. The access controlapparatus 6010-1 receives the ICS user packet F111 from the ISDN lineconversion unit 6031-1 with the ICS network address “7722” (Step S1800),and checks whether or not the ICS network address “7722” is registeredon the conversion table 6013-1 with the request identification asvirtual dedicated line connection “3” (Step S1801). In this case, theregistration has been made, so the receiving ICS network address “5523”is obtained from the conversion table 6013-1, processing such as billingrelated to dedicated line connection is performed (Step S1802), the ICSuser packet F111 is ICS-encapsulated (Step S1820), converted into an ICSnetwork packet F121, and sent to the ICS packet transfer network 6030via ICS network communication line 6080-1 (Step S1825).

Incidentally, regarding the virtual dedicated line connection, thesender ICS user address and receiver ICS user address written within theICS network packet F111 do not have to be used in the access controlapparatus. Next, the ICS network packet F121 reaches the access controlapparatus 6010-2 via the FR network 6041 and the ICS networkcommunication line 6080-2 for example, is reversely ICS-encapsulated andrestored into the ICS user packet F111, and reaches the user 6062-2connected to the CATV line 6162-2 via the CATV line unit 6028-2 which isprovided with the transmitting ICS network address “5523”.

<<Communication from a CATV Line to a Satellite Line>>

The user 6062-1 sends out the ICS user packet F112 with a sender ICSuser address “3600” and a receiver ICS user address “2700” to the accesscontrol apparatus 6010-1 via the CATV line 6162-1. The access controlapparatus 6010-1 receives the ICS user packet F112 from the CATV lineconversion unit 6032-1 with the ICS network address “7723” (Step S1800),and checks whether or not the ICS network address “7723” is registeredon the conversion table 6013-1 with the request identification asvirtual dedicated line connection “3” (Step S1801). In this case, theregistration has not been made, so next, the access control apparatus6010-1 checks that the receiver ICS user address “2700” is registered onthe conversion table 6013-1 (Step S1803) and that the requestidentification has been registered as inter-corporation communication“2” (Step S1804). In this case, the registration has been made asinter-corporation communication “2”, so the receiving ICS networkaddress “5524” is obtained from the conversion table 6013-1, processingsuch as billing related to inter-corporation communication is performed(Step S1805), the ICS user packet F112 is ICS-encapsulated (Step S1820),converted into an ICS network packet F22, and sent to the ICS packettransfer network 630 via ICS network communication line 6080-1 (StepS1825). The ICS network packet F122 reaches the access control apparatus6010-2 via the ATM network 6042 and the ICS network communication line6080-2 for example, is reversely ICS-encapsulated and restored into theICS user packet F112, and reaches the user 6063-2 with the receiving ICSnetwork address “2700”.

<<Communication from a Satellite Line to an IPX Line>>

The user 6063-1 sends out the ICS user packet F113 with a sender ICSuser address “3700” and a receiver ICS user address “2800” to the accesscontrol apparatus 6010-1 via the telephone line 6163-1. The accesscontrol apparatus 6010-1 receives the ICS user packet F113 from thesatellite line conversion unit 6027-1 with the ICS network address“7724” (Step S1800), and checks whether or not the ICS network address“7724” is registered on the conversion table 6013-1 with the requestidentification as virtual dedicated line connection “3” (Step S1801). Inthis case, the registration has not been made, so next, the accesscontrol apparatus 6010-1 checks that the receiver ICS user address“2800” is registered on the conversion table 6013-1 (Step S1803) andthat the request identification has been registered as inter-corporationcommunication “2” (Step S1804). In this case, the registration has beenmade as inter-corporation communication “2”, so the receiving ICSnetwork address “5525” is obtained from the conversion table 6013-1,processing such as billing related to inter-corporation communication isperformed (Step S11805), the ICS user packet F113 is ICS-encapsulated(Step S1820), converted into an ICS network packet F123, and sent to theICS frame transfer network 6030 via ICS network communication line6080-1(Step S1825). The ICS network packet F123 reaches the accesscontrol apparatus 6010-2 via the ICS packet interface 6050 and ICSnetwork communication line 6080-2 for example, is reverselyICS-encapsulated and restored into the ICS user packet F113, and reachesthe user 6064-2 with the receiving ICS network address “2800”.

<<Communication from an IPX Line to a Cellular Telephone Line>>

The user 6064-1 sends out the ICS user packet F114 with a sender ICSuser address “0012” and a receiver ICS user address “2900” to the accesscontrol apparatus 6010-1 via the IPX line 6164-1. The access controlapparatus 6010-1 receives the ICS user packet F114 from the IPX lineconversion unit 6026-1 with the ICS network address “7725” (Step S1800),and checks whether or not the ICS network address “7725” is registeredon the conversion table 6013-1 with the request identification asvirtual dedicated line connection “3” (Step S1801). In this case, theregistration has not been made, so next, the access control apparatus6010-1 checks that the receiver ICS user address “2900” written in theICS user packet F114 is registered on the conversion table 6013-1 (StepS1803) and that the request identification has been registered asinter-corporation communication “2” (Step S1804). In this case, theregistration has not been made as inter-corporation communication “2”,so the access control apparatus 6010-1 checks whether the registrationhas been made as intra-corporation communication “1” (Step S1810). Inthis case, the registration has been made as intra-corporationcommunication “1”, so the receiving ICS network address “5526” isobtained from the conversion table 6013-1, processing such as billingrelated to intra-corporation communication is performed (Step S1811),the ICS user packet F113 is ICS-encapsulated (Step S1820), convertedinto an ICS network packet F124, and sent to the ICS packet transfernetwork 6030 via ICS network communication line 6080-1 (Step S1825). TheICS network packet F124 reaches the access control apparatus 6010-2 viathe CATV line network 6044 and ICS network communication line 6080-2 forexample, is reversely ICS-encapsulated and restored into the ICS userpacket F114, and reaches the user 6065-2 with the receiving ICS networkaddress “2900”.

<<Communication from a Cellular Telephone Line to a Telephone Line>>

The user 6065-1 sends out the ICS user packet F115 with a sender ICSuser address “3800” and a receiver ICS user address “2400” to the accesscontrol apparatus 6010-1 via the cellular telephone line 6165-1. Theaccess control apparatus 6010-1 receives the ICS user packet F115 fromthe cellular telephone line conversion unit 6035-1 with the ICS networkaddress “7726” (Step S1800), and checks whether or not the ICS networkaddress “7726” is registered on the conversion table 6013-1 with therequest identification as virtual dedicated line connection “3” (StepS1801). In this case, the registration has not been made, so next, theaccess control apparatus 6010-1 checks that the receiver ICS useraddress “2400” written in the ICS user packet F115 is registered on theconversion table 6013-1 (Step S1803) and that the request identificationhas been registered as inter-corporation communication “2” (Step S1804).In this case, the registration has been made as inter-corporationcommunication “2”, so the receiving ICS network address “5521” isobtained from the conversion table 6013-1, processing such as billingrelated to intra-corporation communication is performed (Step S1811),the ICS user packet F115 is ICS-encapsulated (Step S1820), convertedinto an ICS network packet F125, and sent to the ICS packet transfernetwork 6030 via ICS network communication line 6080-1 (Step S1825). TheICS network packet F124 reaches the access control apparatus 6010-2 viathe satellite line network 6043 and ICS network communication line6080-2 for example, is reversely ICS-encapsulated and restored into theICS user packet F115, and reaches the user 6060-2 with the receiving ICSnetwork address “2400”.

<<Communication from a Cellular Telephone Line to an ICS NetworkServer>>

The user 6066-1 sends out the ICS user packet F116 with a sender ICSuser address “3980” and a receiver ICS user address “2000” to the accesscontrol apparatus 6010-1 via the cellular telephone line 6166-1. Theaccess control apparatus 6010-1 receives the ICS user packet F116 fromthe cellular telephone line conversion unit 6025-1 with the ICS networkaddress “7726” (Step S1800), and checks whether or not the ICS networkaddress “7726” is registered on the conversion table 6013-1 with therequest identification as virtual dedicated line connection “3” (StepS1801). In this case, the registration has not been made, so next, theaccess control apparatus 6010-1 checks that the receiver ICS useraddress “2000” written in the ICS user packet F116 is registered on theconversion table 6013-1 (Step S1803) and that the request identificationhas been registered as inter-corporation communication “2” (Step S1804).In this case, the registration has not been made so the access controlapparatus 6010-1 checks whether or not the request identification isregistered as intra-corporation communication “1” (Step S1810). In thiscase, the registration has not been made, so the access controlapparatus 6010-1 checks whether or not the request identification isregistered as ICS network server “4” (Step S1812). In this case, theregistration has been made as inter-corporation communication “2”, sothe receiving ICS network address “8721” is obtained from the conversiontable 6013-1, processing such as billing related to intra-corporationcommunication is performed (Step S1813), the ICS user packet F115 isICS-encapsulated (Step S1820), converted into an ICS network packet, andsent to the ICS network server 670 (Step S1825).

According to the above-described transferring methods, changing the ICSuser address written into the ICS user packet allows for the sendingside to select any of the following on the receiving side: telephoneline, ISDN line, CATV line, satellite line, IPX line, or cellular phoneline; regardless of whether the sending side is any of the following:telephone line, ISDN line, CATV line, satellite line, IPX line, orcellular phone line.

Embodiment-6 Dial-Up Router

An example of using a dial-up router will be described with reference toFIG. 55 through FIG. 57. A user 7400-1 within a LAN 7400 has an ICS useraddress “2500”, and similarly, a user 7410-1 within a LAN 7410 has anICS user address “3601”. The administrator of the dial-up router 7110enters in the router table 7113-1 of the dial-up router 7110 thetelephone number specified from the receiver ICS user address and theorder or priority thereof from the router table input unit 7018-1.

Now, registration to the router table 7113-1 will be described withreference to FIG. 58. In the event that the receiver ICS user address“3601” has been specified, the highest on the priority list is telephonenumber “03-1111-1111”,No. 2 on the priority list is telephone number“03-2222-2222”, and No. 3 on the priority list is telephone number“03-3333-3333”. The receiver ICS user addresses “3602” and “3700” arealso registered in the same manner. Here, reference will be made to theflowchart shown in FIG. 59 as an example of communication from thesender ICS user address “2500” to the receiver ICS user address “3601”.

The user 7400-1 sends the ICS user packet F200 to the dial-up router7110 via the gateway 7400-2 and the user logic communication line 7204.The dial-up router 7110 operates under the processing device 7112-1, andreceives the ICS user packet F200(Step S1901), reads the receiver ICSuser address “3601” included in the ICS user packet F200, searches therouter table 7113-1 with the address “3601” included in the ICS userpacket F200 as the search keyword (Step S1902), and finds the telephonenumber with high priority. In this case, the telephone number highest onthe priority list is “03-1111-1111”, as shown in the router table inFIG. 58, so the dial-up router 7110 dials the telephone number“03-1111-1111” via the telephone network as the first attempt (StepS1910). As a result, a telephone communication path 7201 with the lineportion 7011-1 of the access control apparatus 7010-1 which is called bythe telephone number “03-1111-1111” is established, i.e., the dial-uprouter 7110 and the line portion 7011-1 are connected by a telephoneline. In the event that the dial-up router 7110 and the line portion7011-1 are not connected by a telephone line, dial-up router 7110 findsthe telephone number “03-2222-2222” that is second in priority, anddials the telephone number “03-2222-2222” via the telephone network asthe first attempt (Step S1911). As a result, a telephone communicationpath 7202 with the line portion 7011-1 of the access control apparatus7010-1 which is called by the telephone number “03-2222-2222” isestablished. Also, in the event that the dial-up router 7110 and theline unit 7011-1 are not connected by a telephone line, the dial-uprouter 7110 finds the telephone number “03-3333-3333” that is third inpriority, and dials the telephone number “03-3333-3333” via thetelephone network as the third attempt (Step S1911). As a result, atelephone communication path 7203 with the line portion 7011-3 of theaccess control apparatus 7010-3 which is called by the telephone number“03-3333-3333” is established. In the event that the dial-up router andthe access control apparatus are not connected by a telephone lineregardless of the above multiple attempts, the dial-up router 7110stores the received ICS packet F200 in a memory 7117-1 (Step S1913),makes reference again to the router table (Step S1902) after a certainamount of time (Step S1914), and attempts establishment of telephonecommunication path 7201, 7202 or 7203.

Next, description will be made regarding the operations following theconnection of the aforementioned dial-up router 7110 and the lineportion 7011-1. The dial-up router 7110 enters verification proceduresfor determining whether this is an authorized user registered in theaccess control apparatus 7010-1 as a user (Step S1920). Any arrangementwhich achieves the object of verification is agreeable for theverification procedures, but for example, an ID and password foridentifying the dial-up router are sent from the dial-up router 7110 tothe line portion 7011 via the telephone line 7201 the verifying unit7016-1 of the access control apparatus 7010-1 checks whether or not thereceived ID and password are correct, and in the event that the user iscorrect, the fact that the user is correct, i.e., communication datanotifying “affirmative confirmation” is sent to the dial-up router 7110via the telephone communication path 7210, thus completing theverification procedures. In the event that either one of the ID orpassword is incorrect, communication via the telephone communicationpath 7210 is terminated.

Upon receiving notification of “affirmative confirmation” from thetelephone line 7201 in user verification, the dial-up router 7110 sendsthe ICS user packet F200 to the telephone communication path 7201 (StepS1930), and when the confirmation has been made that the access controlapparatus 7010-1 has received the ICS user packet F200, releases thetelephone communication path 7201 and hangs up (Step S1931), thuscompleting the above-described series of processes for the dial-uprouter.

Upon receiving the ICS user packet F200, the access control apparatus7010-1 uses the conversion table 7013-1 under administration of theprocessing device 7012-1, generating an ICS network packet F301, whichis sent out into the ICS network communication line 7301 within the ICS7100. In the present embodiment, the transmitting ICS network addressfor the ICS network packet F301 is “7501” which is a network addressappropriated to the ICS logic terminal within the line portion 7011-1,and the receiving ICS network address is “8601” appropriated to the ICSlogic terminal within the access control apparatus 7010-2. The ICSnetwork packet F301 is transferred across the ICS 7100 and reaches theaccess control apparatus 7010-2, where it is reversely ICS-encapsulatedand reaches the user 7410-1 with the ICS user address “3601” via theuser logic communication line 7601.

In the above description, in the event that a telephone communicationpath 7202 called by the telephone number “03-2222-2222” is establishedbetween the dial-up router 7110 and the line portion 7011-1 of theaccess control apparatus 7010-1, the ICS user packet F200 is transferredfrom the dial-up router 7110 to the line portion 7011-1 via thetelephone communication path 7202. In this case also, upon receiving theICS user packet F200, the access control apparatus 7010-1 performs theICS encapsulation to generate an ICS network packet F302, which is sentout into the ICS network communication line 7301 within the ICS 7100.Now, the transmitting user address for the ICS user packet F302 is“7502”, and the receiving ICS user address, “8601”.

Also, in the event that a telephone communication path 7203 called bythe telephone number “03-3333-3333” is established between the dial-uprouter 7110 and the line portion 7011-3 of the access control apparatus7010-3, the ICS user packet F200 is transferred from the dial-up router7110 to the line portion 7011-3 via the telephone communication path7203. In this case, upon receiving the ICS user packet F200, the accesscontrol apparatus 7010-3 performs the ICS encapsulation to generate anICS network packet F303, which is sent out into the ICS networkcommunication line 7303 within the ICS 7100. In this case, thetransmitting user address for the ICS user packet F303 is “7800” whichis a network address provided to an ICS logic terminal within the lineportion 7011-3, and the receiving ICS user address is “8601”, which is anetwork address provided to an ICS logic terminal within the lineportion 7010-2. The ICS network packet F303 is transferred across theICS 7100 and reaches the access control apparatus 7010-2, where it isreversely ICS-encapsulated and reaches the user 7410-1 with the ICS useraddress “3601” via the user logic communication line 7601.

Embodiment-7 ICS Address Name Administration Server

In the present embodiment shown in FIG. 60, ICS address nameadministration servers 13000-1, 13000-2, 13000-3 and 13000-4 within theICS 13000-1 are respectively connected to access control apparatuses13010-1, 13010-2, 13010-3 and 13010-4. The ICS address nameadministration server 13000-1 has a processing device 130001-1, acorrelation table 13002-1 and an ICS name converting table 13003-1, andfurther is appropriated an ICS network address “9801” which can beuniquely distinguished within the ICS.

The other ICS address name administration servers 13000-2, 13000-3 and13000-4 also have the same capabilities as the ICS address nameadministration server 13000-1, each containing a processing device, acorrelation table and an ICS name conversion table, each having therespective ICS network addresses “9802”, “9803” and “9804”, eachcommunicating one with another using ICS network communicationfunctions, and each capable of exchanging the information that anotherICS address name administration server has. The ICS address name VANrepresentative administration server 13020-1 has an ICS network address“9805”, and another ICS address name VAN representative administrationserver 13020-2 has an ICS network address “9806”, these communicatingwith a great many ICS address name administration servers and other ICSaddress name VAN representative administration servers using ICS networkcommunication functions, and each capable of exchanging the informationthat each other has. The ICS address name VAN representativeadministration server 13020-1 has a processing device 13031-1 and adatabase 13032-1, performs exchange of the information such as ICSaddresses and ICS names with all ICS address name administration serverswithin the VAN 13000-1, the collected data relating to the ICS addressesand ICS names is stored in the database 13032-1. Hence the ICS addressname VAN representative administration server 13020-1 represents the VAN13030-1 by means of performing the above procedures.

The above ICS address name VAN administration server 13020-1 includes aprocessing device, a correlation table and an ICS name conversion table,and another embodiment may be formed by grouping the correlation tableand the ICS name conversion table into a single table, in which case oneof the ICS user addresses contained in both of these two types of tablesis used.

Embodiment-8 Full-Duplex Communication Including Satellite CommunicationPath: Part 1 <<Configuration of User, Data Providing Corporation,Communication Satellite, Etc.>>

The present embodiment performs a type of full-duplex communication bycombining a satellite's transmitting functions and IP communicationfunctions. In the present embodiment, “IP terminal” indicates a terminalor computer which has functions of sending and receiving IP packets.

Description will be made with reference to FIG. 61. The presentembodiment is comprised of: ICS 16000-1; access control apparatuses16100-1, 16110-1 and 16120-1; data providing corporation 16200-1; IPterminal 16210-1 of the data providing corporation; satellitetransmission corporation 16300-1; IP terminal 16310-1 of the satellitetransmission corporation; database 16320-1 of the satellite transmissioncorporation; satellite transmission equipment 16330-1 of the satellitetransmission corporation; communication satellite 16400-1; users16500-1, 16510-1 and 16520-1; IP terminals 16501-1, 16511-1 and 16521-1of each user; satellite receivers 16502-1, 16512-1 and 16522-1 of eachuser; satellite electric wave communication lines 16600-1, 16610-1,16620-1 and 16630-1; and user logic communication lines 16710-1,16720-1, 16730-1 and 16740-1. The IP terminals 16210-1, 16501-1, 16511-1and 16521-1 each have ICS user addresses “3000”, “2300”, “2400” and“2500”, and are respectively connected to the access control apparatuses16100-1, 16120-1, 16120-1 and 16110-1, via user logic communicationlines. The IP terminal 16310-1 can be classified as an ICS networkserver, having an ICS special number “4300”, and connected to the accesscontrol apparatus 16100-1 via the ICS network communication line withinthe ICS 16000-1. Electric wave transmitted from the satellitetransmitter 16330-1 transfer information via the satellite electric wavecommunication path 16600-1, the electric wave is received by satellitereceivers 16502-1, 16512-1 and 16522-1, the received data beingdelivered to the IP terminals 16501-1, 16511-1 and 16521-1. The presentembodiment is characterized by the satellite transmission corporation16300-1 having satellite communication functions.

<<Preparation: Description of Conventional Art>>

In order to describe the present embodiment, first, known TCP and UDPcommunication technology will be explained. FIG. 62 is an example offull-duplex communication using TCP, wherein a communicating party 1sends a synchronous packet #1, and a communicating party 2 returns aconfirming packet #2 upon receiving the first packet. Communicationprocedures wherein such packets #1 and #2 are sent and received isreferred to as TCP connection establishment phase. Next, bothcommunicating parties send and receive packets #3-1, #3-2, #3-3 and#3-4, and communication procedures wherein such sending and receiving ofpackets is performed is referred to as TCP data transfer phase. Finally,a final packet #4 is sent and a confirming packet #5 is returned toconfirm the reception of the packet. Communication procedures whereinsuch packets #4 and #5 are sent and received is referred to as TCPconnection ending phase. Besides the above TCP communication procedures,there are communication procedures called UDP, comprised of datatransfer alone. An example is shown in FIG. 62, UDP is characterized incomparison with TCP by the absence of the TCP connection establishmentand connection ending phases.

The communication procedures according to the present embodiment will bemade with reference to FIGS. 61 and 63. In the following procedures, theaforementioned TCP technology full-duplex communication is employedexcept for the cases of transmission instruction to satellitetransmission equipment (#6 and #14 in FIG. 63) and “data transmission”using electric wave from the satellite transmission equipment (#7 and #15 in FIG. 63), however, only the TCP data transfer phase is shown inFIG. 63, and the TCP connection establishment phase and TCP connectionending phase are omitted from the drawing and from description thereof.

The IP terminal 16210-1 of the data providing corporation 16200-1obtains “data to be provided” from the database 16220-1 thereof andsends it to the IP terminal 16310-1 of the satellite transmissioncorporation 16300-1 which can be identified by the ICS special number“4300”, using the IP frame transmission functions of the ICS (#1 in FIG.63, the same hereafter). The satellite transmission corporation 16300-1stores the received “data to be provided” in its database 16320-1. TheIP terminal 16501-1 of the user 16500-1 sends an “inquiry packet” to theIP terminal 16210-1 which can be identified with the ICS user address“3000” (#2). The IP terminal 16210-1 returns a “reply packet” (#3), theIP terminal 16501-1 receives this “reply packet”, and then sends a“request packet” to the IP terminal 16210-1(#4). When the IP terminal16210-1 receives the “request packet”, it sends a “transmissioninstruction packet” to the IP terminal 16310-1 (#5). When the IPterminal 16310-1 receives the “instruction packet”, it instructstransmission of the “data to be provided” saved in the database16220-1(#6). The satellite transmission equipment 16330-1 emits the“data to be provided” as electric wave toward the communicationsatellite 16400-1 (first half of #7), the communication satellite16400-1 amplifies the received “data to be provided” and emits it(latter half of #7), the satellite receiving equipment 16502-1 receivesthe “data to be provided” as electric wave, and hands it to the IPterminal 16501-1. Thus, the IP terminal 16501-1 obtains the “data to beprovided” via the communication satellite 16400-1, and sends a“reception confirmation packet” to the IP terminal 16210-1 of thecorporation 16200-1 providing the “data to be provided” (#8). Next, theIP terminal 16210-1 sends a “reception confirmation packet” to the IPterminal 16310-1 of the satellite transmission corporation 16300-1 (#9).In the above procedures, #1, #2, #3, #4, #5, #8 and #9 use theabove-described TCP communication technology, and the TCP data transferphase alone is shown and described.

Next, the procedures #10, #11, #12, #13, #14, #15, #16 and #17 shown inFIG. 63 are almost the same as the above procedures, the difference inthis example being that instead of the user 16500-1, the IP terminal16501-1 and the satellite receiving equipment 16502-1, another user16510-1, IP terminal 16511-1 and satellite receiving equipment 16512-1are used, and the present embodiment is capable of transferring “data tobe provided” to a plurality of users.

The above-described communication procedures shall be described withreference to FIG. 64. The sending of an “inquiry packet” (#2), returninga “reply packet” (#3), sending of a “request packet” (#4), “datatransmission” by satellite communication(#7), and sending “receptionconfirmation packet” (#8) in FIG. 64 corresponds with the sending of an“inquiry packet” (#2), returning a “reply packet” (#3), sending of a“request packet” (#4), “data transmission” by satellitecommunication(#7), and sending “reception confirmation packet” (#8) inFIG. 63. From the above description, in the event that the satellitecommunication corporation 16300-1 and the data providing corporation16200-1 are viewed as an integrated communication function unit(hereafter referred to as an “integrated communication entity”). Theuser in FIG. 64 can be considered to be performing full-duplexcommunication with the aforementioned integrated communication entity.

<<Variation on Above Embodiment>>

Next, a variation of the above embodiment wherein only a portion of thecommunication procedures has been changed shall be described withreference to FIGS. 61 and 65.

First, the IP terminal 16501-1 of the user 16500-1 sends an “inquirypacket” to the IP terminal 16210-1 which can be identified with the ICSuser address “3000” (#1 in FIG. 65: the same hereafter). The IP terminal16210-1 returns a “reply packet” (#2), the IP terminal 16510-1 receivesthe “reply packet”, and then sends a “request packet” to the IP terminal16210-1(#3). When the IP terminal 16210-1 receives the “request packet”,it sends “data to be provided” from the database 16220-1 thereof to theIP terminal 16310-1 which can be identified by the ICS special number“4300” (#4), and also sends a “transmission instruction packet” to theIP terminal 16310-1 (#5).

The satellite transmission corporation 16300-1 stores the received “datato be provided” in its database 16320-1, and instructs transmission ofthe saved “data to be provided” (#6). The satellite transmissionequipment 16330-1 emits the “data to be provided” as electric wavetoward the communication satellite 16400-1 (first half of #7), thecommunication satellite 16400-1 amplifies the received “data to beprovided” and emits it (latter half of #7), the satellite receivingequipment 16502-1 receives the “data to be provided” as electric wave,and hands it to the IP terminal 16501-1. Thus, the IP terminal 16501-1obtains the “data to be provided” via the communication satellite16400-1, and sends a “reception confirmation packet” to the IP terminal16210-1 of the corporation 16200-1 providing the “data to be provided”(#8). Next, the IP terminal 16210-1 sends a “reception confirmationpacket” to the IP terminal 16310-1 of the satellite transmissioncorporation 16300-1(#9). Next, the procedures #10, #11, #12, #13, #14,#15, #16, #17 and #18 are almost the same as the above procedures, thedifference in this example being that instead of the user 16500-1, theIP terminal 16501-1 and satellite receiving equipment 16502-1, anotheruser 16510-1, IP terminal 16511-1 and satellite receiving equipment16512-1 are used.

<<Another Variation on Above Embodiment>>

In the above two embodiments, TCP technology full-duplex communicationis employed, and only the TCP data transfer phase is shown in thefigures, with the TCP connection establishment phase and TCP connectionending phase being omitted from the drawings and from descriptionthereof. In the embodiment to be described now, UDP communicationtechnology described in FIG. 62 is applied to a part or to all, and partor all of the packet sending and receiving using the TCP data transferphase technique is replaced with packet sending and receiving using theUDP data transfer phase technique.

<<Another Variation on Above Embodiment>>

Another version will be described with reference to FIG. 66. In FIG. 61,the satellite transmission corporation 16300-1, the IP terminal 16310-1of the satellite transmission corporation, the database 16320-1 of thesatellite transmission corporation, and satellite transmission equipment16330-1 of the satellite transmission corporation are each within theICS 16000-1, the IP terminal 16310-1 being provided with an ICS specialnumber “4300”. As compared to this, in the example shown in FIG. 66, thesatellite transmission corporation 16300-2, the IP terminal 16310-2 ofthe satellite transmission corporation, the database 16320-2 of thesatellite transmission corporation, and the satellite transmissionequipment 16330-2 of the satellite transmission corporation are eachoutside of the ICS 16000-2, the IP terminal 16310-2 being provided withan ICS user address “3900”. The data providing corporation 16200-1 andusers 16500-1, 16510-1, 16520-1 are capable of sending and receiving ofIP packets can be performed completely regardless of whether the otherparty has an ICS user address or an ICS special number, so sending andreceiving of IP frames can be performed in combination with satellitecommunication with the example in FIG. 66 just as with that in FIG. 61.

Embodiment-9 Full-Duplex Communication Including Satellite CommunicationPath: Part 2

The present embodiment is another variation of Embodiment-8, withdescription being made with reference to FIGS. 61 and 66. The dataproviding corporation 16200-1, the satellite transmission corporation16300-1, the user 16500-1, etc. are the same; only the communicationprocedures are different. Also, TCP technology full-duplex communicationwill be employed, but FIG. 67 only illustrates the TCP data transferphase.

The IP terminal 16210-1 of the data providing corporation 16200-1obtains “data to be provided” from the database 16220-1 thereof andsends this to the IP terminal 16310-1 of the satellite transmissioncorporation 16300-1 which can be identified by the ICS special number“4300”, using the IP frame transmission functions of the ICS (#1 in FIG.67, the same hereafter). The satellite transmission corporation 16300-1stores the received “data to be provided” in its database 16320-1. Next,the IP terminal 16210-1 of the data providing corporation 16200-1 sendsa “transmission notification frame” to the IP terminal 16501-1 of theuser 16500-1 (#2). Upon receiving the “transmission notificationpacket”, the IP terminal 16501-1 returns a “transmission consent packet”to the IP terminal 16210-1 (#3). When the IP terminal 16210-1 receivesthe “transmission consent packet”, it sends a “transmission instructionpacket” to the IP terminal 16310-1 (#4). When the IP terminal 16310-1 ofthe satellite transmission corporation 16300-1 receives the“transmission instruction packet”, it instructs transmission of the“data to be provided” saved in the database 16220-1(#5). The satellitetransmission equipment 16330-1 emits the “data to be provided” aselectric wave toward the communication satellite 16400-1 (first half of#6), the communication satellite 16400-1 amplifies the received “data tobe provided” and emits it(latter half of #6), the satellite receivingequipment 16502-1 receives the “data to be provided” as electric wave,and hands it to the IP terminal 16501-1. Thus, the IP terminal 16501-1obtains the “data to be provided” via the communication satellite16400-1, and sends a “reception confirmation packet” to the IP terminal16210-1 of the data providing corporation 16200-1 providing the “data tobe provided” (#7).

The above-described communication procedures shall be described withreference to FIG. 68. The sending of an “transmission notificationpacket” (#2), the returning of a “transmission consent packet” (#3),“data transmission” by satellite communication (#6), and the sending of“reception confirmation packet” (#7) in FIG. 68 correspond with thesending of an “transmission notification frame” (#2), the returning of a“transmission consent packet” (#3), “data transmission” by satellitecommunication(#6), and the sending of “reception confirmation packet”(#7) in FIG. 67□respectively. From the above description, in the eventthat the satellite communication corporation 16300-1 and the dataproviding corporation 16200-1 are viewed as an integrated communicationfunction unit (hereafter referred to as an “integrated communicationentity”), the user 16500-1 in FIG. 68 can be considered to be performingfull-duplex communication with the aforementioned integratedcommunication entity.

<<Another Variation on Above Embodiment>>

Next, a variation of the above embodiment wherein only a portion of thecommunication procedures has been changed shall be described withreference to FIGS. 61 and 69. The IP terminal 16210-1 of the dataproviding corporation 16200-1 sends a “transmission notification packet”to the IP terminal 16501-1 of the user 16500-1 (#1 in FIG. 69: the samehereafter). Upon receiving the “transmission notification packet”, theIP terminal 16501-1 returns a “transmission consent packet” to the IPterminal 16210-1(#2). When the IP terminal 16210-1 receives the“transmission consent packet”, it obtains “data to be provided” from thedatabase 16220-1 thereof and sends this to the IP terminal 16310-1 ofthe satellite transmission corporation 16300-1 which can be identifiedby the ICS special number “4300” (#3) and further sends a “transmissioninstruction packet” to the IP terminal 16310-1(#4). When the IP terminal16310-1 of the satellite transmission corporation 16300-1 receives the“transmission instruction packet”, it instructs transmission of the“data to be provided” saved in the database 16220-1(#5). The subsequentcommunication procedures are the same as those described above.

<<Another Variation on Above Embodiment>>

In the above two embodiments, TCP technology full-duplex communicationis employed, and only the TCP data transfer phase is shown in thefigures, with the TCP connection establishment phase and the TCPconnection ending phase being omitted from the drawings and from thedescription thereof. In the embodiment to be described now, UDPcommunication technology described in FIG. 62 is applied to a part or toall, and part or all of the packet sending and receiving using the TCPdata transfer phase technique is replaced with packet sending andreceiving using the UDP data transfer phase technique.

<<Another Variation on Above Embodiment>>

Another version will be described with reference to FIG. 66. In FIG. 61,the satellite transmission corporation 16300-1, the IP terminal 16310-1of the satellite transmission corporation, the database 16320-1 of thesatellite transmission corporation, and the satellite transmissionequipment 16330-1 of the satellite transmission corporation are eachwithin the ICS 16000-1, the IP terminal 16310-1 being provided with anICS special number “4300”. As compared to this, in the example shown inFIG. 66, the satellite transmission corporation 16300-2, the IP terminal16310-2 of the satellite transmission corporation, the database 16320-2of the satellite transmission corporation, and the satellitetransmission equipment 16330-2 of the satellite transmission corporationare each outside of the ICS 16000-2, the IP terminal 16310-2 beingprovided with an ICS user address “3900”.

Embodiment-10 Full-Duplex Communication Including SatelliteCommunication Path: Part 3

The present embodiment is another variation of Embodiment-8, and will bedescribed with reference to FIGS. 61 and 70. The data providingcorporation 16200-1, the satellite transmitting corporation 16300-1, theuser 16500-1 are the same, with only the communication procedures beingdifferent. The present embodiment performs the full-duplex communicationof TCP technology, but only the TCP data transfer phase is shown in FIG.70.

The IP terminal 16210-1 of the data providing corporation 16200-1 sendsa “plan notification packet” to each of the following: the IP terminal16501-1 having an ICS user address “2300”, ICS user address “2400”(16511-1), and ICS user address “2500” (16521-1) (#1 in FIG. 70: thesame hereafter). Next, the IP terminal 16210-1 of the data providingcorporation 16200-1 obtains “data to be provided” from the database16220-1 thereof and sends this to the IP terminal 16310-1 of thesatellite transmission corporation 16300-1 which can be identified bythe ICS special number “4300”, using the IP frame transfer functions ofthe ICS(#2). The satellite transmission corporation 16300-1 stores thereceived “data to be provided” in its database 16320-1, and alsoinstructs transmission of the “data to be provided” (#3). The satellitetransmission equipment 16330-1 emits the “data to be provided” aselectric wave toward the communication satellite 16400-1(first half of#4), the communication satellite 16400-1 amplifies the received “data tobe provided” and emits it(latter half of #4), the satellite receivingequipment 16502-1 receives the “data to be provided” as electric wave,and hands it to the IP terminal 16501-1.

Thus, the IP terminal 16501-1 obtains the “data to be provided” via thecommunication satellite 16400-1, and sends an “individual report packet”to the IP terminal 16210-1(#5-1). Using the same communicationprocedures, the IP terminal 16511-1 obtains the “data to be provided”,and sends an “individual report packet” to the IP terminal 16210-1(#5-2). The IP terminal 16521-1 also obtains the “data to be provided”,and sends an “individual report packet” to the IP terminal16210-1(#5-3). The IP terminal 16210-1 sends an “individual inquirypacket” to the IP terminal 16511-1 of the user 16510-1(#6), and the IPterminal 16511-1 returns an “individual reply packet” to the IP terminal16210-1(#7).

The above-described communication procedures will be described withreference to FIG. 71. The sending of the “plan notification frame” (#1),“data transmission” by satellite communication(#4), the sending of“individual report packet” (#5-2), the sending of “individual inquirypacket” (#6), and the returning of “individual reply packet” (#7) inFIG. 71 correspond with the sending of the “plan notification packet”(#1), “data transmission” by satellite communication(#4), the sending of“individual report frame” (#5-2), the sending of “individual inquiryframe” (#6), and the returning of “individual reply frame” (#7) in FIG.70, respectively. From the above description, in the event that thesatellite communication corporation 16300-1 and the data providingcorporation 16200-1 are viewed as an integrated communication entity,the user 16500-1 in FIG. 67 can be considered to be performingfull-duplex communication with the aforementioned integratedcommunication entity.

<<Another Variation on Above Embodiment>>

In each of the above embodiments, the full-duplex communication of TCPtechnology is employed, and only the TCP data transfer phase is shown inthe figures, with the TCP connection establishment phase and TCPconnection ending phase being omitted from the drawings and from thedescription thereof. In the embodiment to be described now, UDPcommunication technology described in FIG. 62 is applied to a part or toall, and part or all of the packet sending and receiving using the TCPdata transfer phase technique is replaced with packet sending andreceiving using the UDP data transfer phase technique.

<<Another Variation on Above Embodiment>>

Another version will be described with reference to FIG. 66. In FIG. 61,the satellite transmission corporation 16300-1, the IP terminal 16310-1of the satellite transmission corporation, the database 16320-1 of thesatellite transmission corporation, and the satellite transmissionequipment 16330-1 of the satellite transmission corporation are eachwithin the ICS 16000-1, the IP terminal 16310-1 being provided with anICS special number “4300”. As compared to this, in the example shown inFIG. 66, the satellite transmission corporation 16300-2, the IP terminal16310-2 of the satellite transmission corporation, the database 16320-2of the satellite transmission corporation, and the satellitetransmission equipment 16330-2 of the satellite transmission corporationare each outside of the ICS 16000-2, the IP terminal 16310-2 beingprovided with an ICS user address “3900”.

Embodiment-11 Full-Duplex Communication Including SatelliteCommunication Path: Part 4

The present embodiment is another variation of Embodiment-8, and will bedescribed with reference to FIGS. 61 and 72. The data providingcorporation 16200-1, the satellite transmission corporation 16300-1, theuser 16500-1 are the same, with only the communication procedures beingdifferent. The present embodiment performs the full-duplex communicationof TCP technology, but only the TCP data transfer phase is shown in FIG.72.

The IP terminal 16210-1 of the data providing corporation 16200-1obtains “data to be provided” from the database 16220-1 thereof andsends this to the IP terminal 16310-1 of the satellite transmissioncorporation 16300-1 which can be identified by the ICS special number“4300”, using the IP frame transfer functions of the ICS (#1 in FIG. 72:the same hereafter). The satellite transmission corporation 16300-1stores the received “data to be provided” in its database 16320-1.

Next, the IP terminal 16501-1 of the user 16500-1 sends an “inquirypacket” to the IP terminal 16310-1 which can be identified with the ICSuser address “4300” (#2). The IP terminal 16310-1 returns a “replypacket” (#3), the IP terminal 16510-1 receives the “reply packet”, andthen sends a “request packet” to the IP terminal 16310-1(#4). When theIP terminal 16310-1 receives the “request packet”, it instructssatellite transmission equipment of the “data to be provided” saved inthe database 16300-1(#5). The satellite transmission equipment 16330-1emits the “data to be provided” as electric wave toward thecommunication satellite 16400-1 (first half of #6), the communicationsatellite 16400-1 amplifies the received “data to be provided” and emitsit (latter half of #6), the satellite receiving equipment 16502-1receives the “data to be provided” as electric wave, and hands it to theIP terminal 16501-1. Thus, the IP terminal 16501-1 obtains the “data tobe provided” via the communication satellite 16400-1, and sends a“reception confirmation packet” to the IP terminal 16310-1 of the dataproviding corporation 16200-1 providing the “data to be provided” (#7).In the above procedures, #1, #2, #3, #4 and #7 use the above-describedTCP communication technology, and the TCP data transfer phases alone areshown and described. Next, the procedures #8, #9, #10, #11, #12 and #13shown in FIG. 72 are almost the same as the above procedures, thedifference in this example being that instead of the user 16500-1, theIP terminal 16501-1, and the satellite receiving equipment 16502-1,another corporation 16510-1, IP terminal 16511-1, and satellitereceiving equipment 16512-1 are used.

The above-described communication procedures shall be described withreference to FIG. 64. The sending of an “inquiry packet” (#2), thereturning of a “reply packet” (#3), the sending of a “request packet”(#4), “data transmission” by satellite communication(#7), and thesending of “reception confirmation packet” (#8) in FIG. 64 correspondwith the sending of an “inquiry packet” (#2), the returning of a “replypacket” (#3), the sending of a “request packet” (#4), “datatransmission” by satellite communication(#7), and the sending “receptionconfirmation packet” (#8) in FIG. 72, respectively. From the abovedescription, in the event that the satellite communication corporation16300-1 and the data providing corporation 16200-1 are viewed as anintegrated communication entity, the user 16500-1 in FIG. 64 can beconsidered to be performing full-duplex communication with theaforementioned integrated communication entity.

<<Another Variation on Above Embodiment>>

In the above two embodiments, the full-duplex communication of TCPtechnology is employed, and only the TCP data transfer phase is shown inthe figures, with the TCP connection establishment phase and TCPconnection ending phase being omitted from the drawings and from thedescription thereof. In the embodiment to be described now, UDPcommunication technology described in FIG. 62 is applied to a part or toall, and part or all of the packet sending and receiving using the TCPdata transfer phase technique is replaced with packet sending andreceiving using the UDP data transfer phase technique.

<<Another Variation on Above Embodiment>>

Another version will be described with reference to FIG. 66. In FIG. 61,the satellite transmission corporation 16300-1, the IP terminal 16310-1of the satellite transmission corporation, the database 16320-1 of thesatellite transmission corporation, and the satellite transmissionequipment 16330-1 of the satellite transmission corporation are eachwithin the ICS 16000-1, the IP terminal 16310-1 being provided with anICS special number “4300”. As compared to this, in the example shown inFIG. 66, the satellite transmission corporation 16300-2, the IP terminal16310-2 of the satellite transmission corporation, the database 16320-2of the satellite transmission corporation, and the satellitetransmission equipment 16330-2 of the satellite transmission corporationare each outside of the ICS 16000-2, the IP terminal 16310-2 beingprovided with an ICS user address “3900”.

Embodiment-12 Full-Duplex Communication Including SatelliteCommunication Path: Part 5

The present embodiment performs a type of full-duplex communication bycombining a satellite transmission function and an IP communicationfunction. A major difference between the present embodiment andEmbodiment-8 is the fact that the satellite receiving equipment iswithin the access control apparatus in the present embodiment.

Description will be made with reference to FIG. 73. The presentembodiment is comprised of: an ICS 16000-3; access control apparatuses16100-3, 16110-3 and 16120-3; satellite reception equipments 16102-3,16112-3 and 16122-3; a data providing corporation 16200-3; an IPterminal 16210-3 of the data providing corporation; a satellitetransmission corporation 16300-3; an IP terminal 16310-3 of thesatellite transmission corporation; a database 16320-3 of the satellitetransmission corporation; a satellite transmission equipment 16330-3 ofthe satellite transmission corporation; a communication satellite16400-3; users 16500-3, 16510-3 and 16520-3; IP terminals 16501-3,16511-3 and 16521-3 of each user; satellite airwaves communication lines16600-3, 16610-3, 16620-3 and 16630-3; and user logic communicationlines 16710-3, 16720-3, 16730-3 and 16740-3. The IP terminals 16210-3,16501-3, 16511-3 and 16521-3 each have ICS user addresses “3000”,“2300”, “2400” and “2500”, and are respectively connected to the accesscontrol apparatuses 16100-3, 16120-3, 16120-3 and 16110-3, via userlogic communication lines. The IP terminal 16310-3 can be classified asan ICS network server, having an ICS special number “4300”, andconnected to the access control apparatus 16100-3 via the ICS networkcommunications line within the ICS 16000-3. Electric wave transmittedfrom the satellite transmitter 16330-3 transfers information via thesatellite electric wave communication path 16600-3, the electric wave isreceived by satellite receivers 16112-3 and 16122-3.

<<Example of Communication Procedures >>

The communication procedures according to the present embodiment will bemade with reference to FIGS. 73 and 74. In the following procedures, theaforementioned full-duplex communication of TCP technology is employedexcept for the cases of transmission instruction to satellitetransmission equipment (#5 and #12 in FIG. 74) and “data transmission”using electric wave from the satellite transmission equipment (#6 and #13 in FIG. 74), however, only the TCP data transfer phase is shown inFIG. 74.

The IP terminal 16210-3 of the data providing corporation 16200-3obtains “data to be provided” from the database 16220-3 thereof andsends this to the IP terminal 16310-3 of the satellite transmissioncorporation 16300-3 which can be identified by the ICS special number“4300”, using the IP packet transfer function of the ICS (#1 in FIG. 74,the same hereafter). The satellite transmission corporation 16300-3stores the received “data to be provided” in its database 16320-3. TheIP terminal 16501-3 of the user 16500-3 sends an “inquiry packet” to theIP terminal 16310-3 which can be identified with the ICS user address“4300” (#2). The IP terminal 16310-3 returns a “reply packet” (#3), theIP terminal 16501-3 receives the “reply packet”, and then sends a“request packet” to the IP terminal 16310-3 (#4). When the IP terminal16310-3 receives the “request packet”, it converts the “data to beprovided” saved in the database 16320-3 into ICS packet format andinstructs transmission thereof(#5). Here, the data portion of the ICSpacket is the “data to be provided”, and the destination ICS useraddress is address “2300” of the IP terminal 16501-3. The satellitetransmission equipment 16330-3 emits the ICS packet including “data tobe provided” as electric wave toward the communication satellite 16400-3(first half of #6), the communication satellite 16400-3 amplifies thereceived “data to be provided” and emits it (latter half of #6), thesatellite receiving equipments 16502-3, 16112-3 and 16122-3 each receivethe ICS frame including the “data to be provided” as electric wave, eachcheck the destination of the “data to be provided”, and since thedestination of the “data to be provided” is IP terminal 16501-3, theaccess control apparatus 16122-3 returns the “data to be provided”, tothe ICS user frame format, and sends it to the IP terminal 16501-3(#7).Upon receiving the “data to be provided”, the IP terminal 16501-3 sendsa “reception confirmation packet” to the IP terminal 16310-3(#8). In theabove procedures, #1, #2, #3, #4, #7 and #8 use the above-described TCPcommunication technology, and the TCP data transfer phase alone is shownand described.

Next, the procedures #9, #10, #11, #12, #13, #14 and #15 shown in FIG.74 are almost the same as the above procedures, the difference in thisexample being that instead of the user 16500-3, the IP terminal 16501-3,and the satellite receiving equipment 16502-3, another company 16510-3,IP terminal 16511-3, and satellite receiving equipment 16512-3 are used,and the present embodiment is capable of transferring “data to beprovided” to a plurality of users.

The above-described communication procedures shall be described withreference to FIG. 64. The sending of an “inquiry packet” (#2), thereturning of a “reply packet” (#3), the sending of a “request packet”(#4), “data transmission” by satellite communication(#7), and thesending of “reception confirmation packet” in FIG. 64 correspond withthe sending of an “inquiry packet” (#2), the returning of a “replypacket” (#3), the sending of a “request packet” (#4), “datatransmission” by satellite communication(#7), and the sending of“reception confirmation packet” (#8) in FIG. 74, respectively. From theabove description, in the event that the satellite communicationcorporation 16300-3 and the data providing corporation 16200-3 areviewed as an “integrated communication entity, the user in FIG. 64 canbe considered to be performing full-duplex communication with theaforementioned integrated communication entity.

<<Another Variation on Above Embodiment>>

In the above two embodiments, the full-duplex communication of TCPtechnology is employed, and only the TCP data transfer phase is shown inthe figures, with the TCP connection establishment phase and TCPconnection ending phase being omitted from the drawings and from thedescription thereof. In the embodiment to be described now, UDPcommunication technology described in FIG. 62 is applied to a part or toall, and part or all of the packet sending and receiving using the TCPdata transfer phase technique is replaced with packet sending andreceiving using the UDP data transfer phase technique.

<<Another Variation on Above Embodiment>>

Another version will be described with reference to FIG. 75. In FIG. 73,the satellite transmission corporation 16300-3, the IP terminal 16310-3of the satellite transmission corporation, the database 16320-1 of thesatellite transmission corporation, and the satellite transmissionequipment 16330-3 of the satellite transmission corporation are eachinside the ICS 16000-3, the IP terminal 16310-3 being provided with anICS special number “4300”. As compared to this, in the example shown inFIG. 75, the satellite transmission corporation 16300-4, the IP terminal16310-4 of the satellite transmission corporation, the database 16320-2of the satellite transmission corporation, and the satellitetransmission equipment 16330-4 of the satellite transmission corporationare each outside of the ICS 16000-4, the IP terminal 16310-4 beingprovided with an ICS user address “3900”.

Embodiment-13 Control of Receiving Priority Degree

In the control field of the IP packet shown in FIG. 3, there is atransmitting IP address and a destination IP address in addition to the“protocol type”, and in the TCP packet shown in FIG. 76 and the UDPframe shown in FIG. 77 there are defined a sender's port number and anintended receiver's port number, respectively. The 48 bits of dataconsisting of the IP address (32 bits) and the port number (16 bits)laid out is called a socket number. That is, socket number=IPaddress∥port number. In the present embodiment, the following termsshall be used: sender's socket number=sender's IP address sender's portnumber; intended receiver's socket number=intended receiver's IPaddress∥intended receiver's port number.

The present embodiment is an example of controlling the degree ofpriority of the ICS user frame which is obtained by reaching the accesscontrol apparatus from the ICS network communication line and beingreversely ICS-encapsulated here, this controlling the degree of prioritybeing performed using the “protocol type” which is displayed in the ICSuser frame, and the socket number thereof.

As shown in FIGS. 78 and 79, an ICS 17000-1 includes access controlapparatuses 17100-1, 17110-1, 17120-1, 17130-1, 17140-1, 17150-1 and17160-1, and the access control apparatus 17100-1 includes a line unit17111-1, a processing device 17112-1 and a conversion table 17113-1.Blocks 17200-1, 17210-1, 17220-1, 17230-1, 17240-1, 17250-1, 17260-1,17270-1 and 17280-1 are each corporation LANs, and are each connected tothe ICS 17000-1 via the respective gateways 17201-1, 17211-1, 17221-1,17231-1, 17241-1, 17251-1, 17261-1, 17271-1 and 17281-1. Each LAN has 2to 3 terminals having functions for sending IP user packet, wherein theICS user addresses are: for within LAN 17200-1, “2600” and “2610”; forwithin LAN 17200-1, “2600” and “2610”; for within LAN 17210-1, “1230”and “1240”; for within LAN 17220-1, “2700”, “2710”, and “2720”; forwithin LAN 17230-1, “2800” and “2810”; for within LAN 17240-1, “1200”and “1210”; for within LAN 17250-1, “1200” and “1210”; for within LAN17260-1, “2200” and “2210”; for within LAN 17270-1, “2300” and “2310”;and for within LAN 17280-1, “2400” and “2410”. Further, blocks 17291-1and 17292-1 are each terminals which have functions of sending andreceiving IP user packets, respectively having ICS user addresses “2500”and “1250”, being connected to ICS 17000-1.

<<Conversion Table>>

The conversion table 17113-1 within the access control apparatus 17100-1shall be described with reference to FIGS. 80 and 81. The function ofthe conversion table as the same as those in the other embodiments, andthe present invention is characterized in that the portion table, named“degree of priority of reception” code, degree of priority of protocol,degree of priority of TCP socket, and degree of priority of UDP socket,which are components of the conversion table 17113-1 are used forcontrolling the degree of priority. In the event that the transmittingICS network address of the conversion table is “7821”, the “degree ofpriority of reception” code is stipulated to be “pr-7821”. That is, the“degree of priority of reception” code is made to be a parameter whichis dependent on the ICS network address provided to the ICS user logicterminal sent from the access control apparatus after the ICS reverseencapsulation. Looking at the other portion table of the conversiontable 17113-1, e.g., in regard to “pr-7821”, the degree of priority ofprotocol is described as being “p-1”, the degree of priority of TCPsocket as “t-1”, and the degree of priority of UDP socket as “NULL”.Here, “NULL” indicates “unspecified”. The degree of priority of protocol“p-1” dictates that the degree of priority of is, in descending order,“TCP”, “UDP”, “ICPM” and “IGPM”.

Looking at even other portion table with regard to the degree ofpriority of TCP socket “t-1”, the dictated order of degree of priorityof is, in descending order, “sk-1” and “sk-7”. Looking at even otherportion table with regard to the degree of priority of UDP socket “u-1”,the dictated order of degree of priority is, in descending order, “sk-3”and “sk-8”. Further, in the contents of the socket code “sk-1” which iswritten in another portion table, “To” indicates the intended receiver'ssocket number, and indicates that the intended receiver's IP address is“2100” and that the intended receiver's port number is “30”, and in thesame manner, in the contents of the socket code “sk-2”, “From” indicatesthe sender's socket number, and indicates that the sender's IP addressis “1240” and that the sender's port number is “32”.

<<Individual Description of ICS Packet>>

The ICS network frame NF01 is sent out from the terminal 17291-1 withthe ICS user address “2500”, and then is ICS-encapsulated at the accesscontrol apparatus 17110-1 with a transmitting ICS network address “7200”and a receiving ICS network address “7821”, then is transferred withinthe ICS 17000-1 and reaches the access control apparatus 17100-1, whereit is reversely ICS-encapsulated to become an ICS user frame UF01, andreaches the terminal with the ICS user address “2100” via the user logiccommunication line 17821-1. The “protocol type” of the control field ofthe user packet UF01 which is within the ICS network packet NF01 is TCP,and the “intended receiver's port number” of the TCP packet is “30” inthe example.

In the following, beginning with a packet NF02, brief description willbe made in the order of NF03, NF04, NF05, NF06, NF07, NF08, NF09, NF10and NF11, as shown in FIG. 78.

A frame NF02 is sent out from a terminal with the ICS user address“2600”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7300” and a receiving ICS network address “7821”, then istransferred within the ICS and is reversely ICS-encapsulated to become aframe UF02, and reaches the terminal with the ICS user address “2110”via the user logic communication line 17821-1. The “protocol type” ofthe packet UF02 is TCP, and the “intended receiver's port number” of theTCP packet is “30”, in this example.

A frame NF03 is sent out from a terminal with the ICS user address“1230”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7400” and a receiving ICS network address “7822”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF03, and reaches the terminal with the ICS user address “1200”via the user logic communication line 17822-1. The “protocol type” ofthe packet UF03 is TCP, and the “intended receiver's port number” of theTCP packet is “30”, in this example.

A frame NF02 is sent out from a terminal with the ICS user address“1240”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7400” and a receiving ICS network address “7822”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF04, and reaches the terminal with the ICS user address “1210”via the user logic communication line 17822-1. The “protocol type” ofthe packet UF04 is TCP, and the “intended receiver's port number” of theTCP packet is “32”, in this example.

A frame NF05 is sent out from a terminal with the ICS user address“1250”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7500” and a receiving ICS network address “7822”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF05, and reaches the terminal with the ICS user address “1220”via the user logic communication line 17822-2. The “protocol type” ofthe packet UF05 is TCP, and the “intended receiver's port number”thereof is “32”, in this example.

A frame NF06 is sent out from a terminal with the ICS user address“2610”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7300” and a receiving ICS network address “7823”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF06, and reaches the terminal with the ICS user address “2200”via the user logic communication line 17823-1. The “protocol type” ofthe packet UF06 is UDP, and the “intended receiver's port number” of theTCP packet is “40”, in this example.

A frame NF07 is sent out from a terminal with the ICS user address“2700”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7600” and a receiving ICS network address “7823”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF07, and reaches the terminal with the ICS user address “2210”via the user logic communication line 17823-1. The “protocol type” ofthe packet UF07 is UDP, and the “intended receiver's port number”thereof is “40”, in this example.

A packet NF08 is sent out from a terminal with the ICS user address“2710”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7600” and a receiving ICS network address “7824”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF08, and reaches the terminal with the ICS user address “2300”via the user logic communication line 17824-1. The “protocol type” ofthe packet UF08 is UDP, and the “intended receiver's port number”thereof is “40”, in this example.

A packet NF09 is sent out from a terminal with the ICS user address“2800”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7700” and a receiving ICS network address “7824”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF09, and reaches the terminal with the ICS user address “2310”via the user logic communication line 17824-1. The “protocol type” ofthe packet UF09 is UDP, and the “intended receiver's port number”thereof is “42”, in this example.

A packet NF10 is sent out from a terminal with the ICS user address“2720”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7600” and a receiving ICS network address “7825”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF10, and reaches the terminal with the ICS user address “2400”via the user logic communication line 17825-1. The “protocol type” ofthe packet UF10 is TCP, and the “intended receiver's port number”thereof is “60”, in this example.

A frame NF11 is sent out from a terminal with the ICS user address“2810”, and then is ICS-encapsulated at with a transmitting ICS networkaddress “7700” and a receiving ICS network address “7825”, then istransferred within the ICS and is reversely ICS-encapsulated to become apacket UF11, and reaches the terminal with the ICS user address “2410”via the user logic communication line 17825-1. The “protocol type” ofthe packet UF11 is UDP, and the “intended receiver's port number”thereof is “70”, in this example.

Example 1 For Determining the Degree of Priority

The manner in which the degree of priority is determined will bedescribed with reference to the flowchart in FIG. 82. The access controlapparatus 17100-1 receives the ICS network packets NF01 and NF02 fromthe ICS network communication line almost at the same time (Step S1000),and reversely ICS-encapsulates each to obtain ICS user packets UF01 andUF02 (Step S1010). From the conversion table 17113-1 it can be knownthat the receiving ICS network address of the ICS logic terminal sendingthese ICS user packets is “7821” for both, i.e., that there is a match(Step S1020). The “degree of priority of reception” code for both ICSnetwork packets NF01 and NF02 is “pr-7821”, and then according toportion table of the conversion table 17113-1, the degree of priority ofprotocol for “pr-7821” is specified as being “p-1”, the degree ofpriority of TCP socket as “t-1”, and the degree of priority of UDPsocket as “NULL”. Further, looking at even other portion tablecomprising the conversion table 17113-1, the degree of priority ofprotocol “p-1” dictates that the degree of priority of is, in descendingorder, TCP, UDP, ICPM and IGPM, and with regard to the degree ofpriority of TCP socket “t-1”, the dictated order of degree of priorityof is, in descending order, “sk-1” and “sk-7”, and the contents of thesocket code “sk-1” indicate that the IP address comprising the intendedreceiver's socket number is “2100” and that the intended receiver's portnumber thereof is “30”. The protocol type indicated within the ICSnetwork packet NF01 is “TCP”, the intended receiver's ID address is“2100”, and the intended receiver's port number is “30”. On the otherhand, the protocol type indicated within the ICS network packet NF02 is“TCP”, the intended receiver's ID address is “2110”, and the intendedreceiver's port number is “30”. In the present embodiment, it can beunderstood that it is the ICS network packet NF01 that has the protocoltype and intended receiver's socket number that matches with thespecifications of the aforementioned socket code “sk-1”. Based on theabove procedures, it is determined that the ICS network packet to besent out with higher priority is NF01(Step S1030). Next, this ICSnetwork packet NF01 is sent out to the user logic terminal via the ICSlogic terminal (Step S1040).

Example 2 For Determining the Degree of Priority

The access control apparatus 17100-1 receives the ICS network framesNF03, NF04 and NF05 from the ICS network communication line almost atthe same time (Step S1000), and reversely ICS-encapsulates each toobtain ICS user packets UF03, NF04 and UF05(Step S1010). From theconversion table 17113-1 it can be known that the receiving ICS networkaddress of the ICS logic terminal sending these ICS user packets is“7822” for all, i.e., that there is a match (Step S1020). The “degree ofpriority of reception” code for all of the ICS network packets NF03,NF04 and NF05 is “pr-7822”, the degree of priority of protocol thereofis specified as being “P-1”, the degree of priority of TCP socket as“t-2”, and the degree of priority of UDP socket as “NULL”. The contentsof the degree of priority of protocol “p-1” dictates that TCP has thehighest degree of priority, and with regard to the degree of priority ofTCP socket “t-2”, “sk-2” has the highest degree of priority, and thecontents of the socket code “sk-2” indicate that the IP addresscomprising the sender's socket number is “2100” and that the sender'sport number thereof is “30”. The protocol type indicated within the ICSnetwork packet NF03 is “TCP”, the sender's ID address is “1230”, and thesender's port number is “30”. The protocol type indicated within the ICSnetwork packet NF04 is “TCP”, the sender's ID address is “1240”, and thesender's port number is “32”. Also, the protocol type indicated withinthe ICS network packet NF05 is “TCP”, the sender's ID address is “1250”,and the sender's port number is “32”. In the present embodiment, it canbe understood that it is the ICS network packet NF04 that has theprotocol type and the intended receiver's socket number that matcheswith the specifications of the aforementioned socket code “sk-2”. Basedon the above procedures, it is determined that the ICS network packet tobe sent out with higher priority is NF04 (Step S1030). Next, this ICSnetwork packet NF04 is sent out to the user logic terminal via the ICSlogic terminal (Step S1040).

Example 3 For Determining the Degree of Priority

The access control apparatus 17100-1 receives the ICS network packetsNF06 and NF07 from the ICS network communication line almost at the sametime (Step S1000), and reversely ICS-encapsulates each to obtain ICSuser packets UF06 and UF07 (Step S1010). From the conversion table17113-1 it can be known that the receiving ICS network address of theICS logic terminal sending these ICS user packets is “7823” for both,i.e., that there is a match (Step S1020). The “degree of priority ofreception” code for both ICS network packets NF06 and NF07 is “pr-7823”,and the degree of priority of protocol is specified as being “p-2”, thedegree of priority of TCP socket as “NULL”, and the degree of priorityof UDP socket as “u-1”. Further, looking at even other portion tablecomprising the conversion table 17113-1, the degree of priority ofprotocol “p-2” dictates that the degree of priority is, in descendingorder, UDP, TCP, ICPM and IGPM, and with regard to the degree ofpriority of UDP socket “u-1”, the dictated order of degree of priorityis, in descending order, “sk-3” and “sk-8”, and the contents of thesocket code “sk-3” indicate that the IP address comprising the intendedreceiver's socket number is “2200” and that the intended receiver's portnumber thereof is “40”. The protocol type indicated within the ICSnetwork packet NF06 is “UDP”, the intended receiver's ID address is“2200”, and the intended receiver's port number is “40”. On the otherhand, the protocol type indicated within the ICS network packet NF07 is“UDP”, the intended receiver's ID address is “2110”, and the intendedreceiver's port number is “40”. In the present embodiment, it can beunderstood that it is the ICS network packet NF06 that has the protocoltype and the intended receiver's socket number that matches with thespecifications of the aforementioned socket code “sk-3”. Based on theabove procedures, it is determined that the ICS network packet to besent out with higher priority is NF06 (Step S1030). Next, this ICSnetwork packet NF06 is sent out to the user logic terminal via the ICSlogic terminal (Step S1040).

Example 4 For Determining the Degree of Priority

The access control apparatus 17100-1 receives the ICS network packetsNF08 and NF09 from the ICS network communication line almost at the sametime (Step S1000), and reversely ICS-encapsulates each to obtain ICSuser packets UF08 and UF09 (Step S1010).

From the conversion table 17113-1 it can be known that the receiving ICSnetwork address of the ICS logic terminal sending these ICS user packetsis “7824” for both, i.e., that there is a match (Step S1020). The“degree of priority of reception” code for both ICS network packets NF08and NF09 is “pr-7824”, and the degree of priority of protocol isspecified as being “p-2”, the degree of priority of TCP socket as“NULL”, and the degree of priority of UDP socket as “u-2”. The degree ofpriority of protocol “p-2” dictates that socket code “sk-4” has thehighest priority, and the contents of the socket signal “sk-4” indicatethat the IP address comprising the sender's socket number is “2710” andthat the sender's port number thereof is “40”. The protocol typeindicated within the ICS network packet NF08 is “UDP”, the sender's IDaddress is “2710”, and the sender's port number is “40”. On the otherhand, the protocol type indicated within the ICS network packet NF09 is“UDP”, the sender's ID address is “2800”, and the sender's port numberis “42”. In the present embodiment, it can be understood that it is theICS network packet NF08 that has the protocol type and the sender'ssocket number that matches with the specifications of the aforementionedsocket code “sk-4”. Based on the above procedures, it is determined thatthe ICS network packet to be sent out with higher priority is NF08 (StepS1030). Next, this ICS network packet NF08 is sent out to the user logicterminal via the ICS logic terminal (Step S1040).

Example 5 For Determining the Degree of Priority

The access control apparatus 17100-1 receives the ICS network framesNF10 and NF11 from the ICS network communication line almost at the sametime (Step S11000), and reversely ICS-encapsulates each to obtain ICSuser packets UF10 and UF11 (Step S1011).

From the conversion table 17113-1 it can be known that the receiving ICSnetwork address of the ICS logic terminal sending these ICS user packetsis “7825” for both, i.e., that there is a match (Step S1020). The“degree of priority of reception” code for both ICS network packets NF10and NF11 is “pr-7825”, and the degree of priority of protocol isspecified as being “p-1”, the degree of priority of TCP socket as “t-3”,and the degree of priority of UDP socket as “u-3”. The degree ofpriority of protocol “p-1” dictates that the degree of priority of TCPis higher than that of UDP. The protocol type indicated in the ICSnetwork packet NF10 is “TCP”, and the protocol type indicated in the ICSnetwork packet NF10 is “UDP”. Based on the above procedures, it isdetermined that the ICS network packet to be sent out with higherpriority is NF10 (Step S1030). Next, this ICS network packet NF10 issent out to the user logic terminal via the ICS logic terminal (StepS1040).

Embodiment-14 Control of Transmitting Priority Degree

Description will now be made regarding and embodiment wherein user IPpackets arriving from outside the ICS are ICS-encapsulated with theaccess control apparatus, and then the order of sending out onto the ICSnetwork communication line is decided.

<<Configuration>>

As shown in FIG. 83, an CS 17000-2 includes access control apparatuses17100-2 through 17190-2, and the access control apparatus 17100-2includes a line unit 17111-2, a processing device 17112-2 and aconversion table 17113-2. Blocks 17240-2 through 17280-2 are corporateLANs which are each connected to the ICS 17000-2 via the ICS user logiccommunication line. Each of the LANs includes a plurality of IPterminals and blocks 17401-2 and 17411-2 are both IP terminals.

<<Conversion Table>>

The functions of the conversion table 17113-2 shown in FIGS. 84 and 85are the same as those in the other embodiments, and the presentinvention is characterized in that the portion table, named “degree ofpriority of reception” code, degree of priority of protocol, degree ofpriority of TCP socket, and degree of priority of UDP socket, which arecomponents of the conversion table 17113-2 are used for controlling thedegree of priority. In the event that the transmitting ICS networkaddress of the conversion table is “7821”, the “transmitting prioritydegree” code is stipulated to be “ps-7821”. That is, the “receivingpriority degree” code is made to be a parameter which is dependent onthe ICS network address provided to the ICS user logic terminal sentfrom the access control apparatus after the ICS reverse encapsulation.Looking at the other portion table of the conversion table 17113-1,e.g., in regard to “ps-7821”, the degree of priority of protocol isdescribed as being “p-21”, the degree of priority of TCP socket as“t-21”, and the degree of priority of UDP socket as “NULL”. The methodof describing the degree of priority of protocol, the degree of priorityof TCP socket, and the degree of priority of UDP socket, etc. is thesame as that of Embodiment-13.

Example 1 For Determining the Degree of Priority

The manner in which the degree of priority is determined will bedescribed with reference to the flowchart in FIG. 86. The access controlapparatus 17100-2 receives the ICS user packets F01 and F02 from the ICSnetwork communication line almost at the same time, and obtains the ICSnetwork address appropriated to the ICS logic terminal (Step S2700).Next, the procedures for control of transmitting priority degree are asfollows. The “transmitting priority degree” code for both ICS userpackets F01 and F02 is “ps-7821”, and then according to portion table ofthe conversion table 17113-2, the degree of priority of protocol for“ps-7821” is specified as being “p-21”, the degree of priority of TCPsocket as “t-21”, and the degree of priority of UDP socket as “NULL”.Further, looking at other portion table comprising the conversion table17113-2, the degree of priority of protocol “p-21” dictates that thedegree of priority is, in descending order, TCP, UDP, ICPM, and IGPM,and with regard to the degree of priority of TCP socket “t-21”, thedictated order of degree of priority of is, in descending order, “sk-21”and “sk-27”, and the contents of the socket signal “sk-21” indicate thatthe IP address comprising the sender's socket number is “2100” and thatthe sender's port number thereof is “30”. The protocol type indicatedwithin the ICS user packet F01 is “TCP”, the sender's ID address is“2100”, and the sender's port number is “30”. On the other hand, theprotocol type indicated within the ICS network packet F02 is “TCP”, thesender's ID address is “2110”, and the sender's port number is “30”. Inthe present embodiment, it can be understood that it is the ICS networkpacket F01 that has the protocol type and the intended receiver's socketnumber that matches with the specifications of the aforementioned socketcode “sk-21”. Based on the above procedures, it is determined that theICS user packet to be sent out with higher priority is F01 (Step S2710).

Next, the system checks whether or not the ICS network address “7721”provided to the logic terminal which received the ICS user packet F01 isregistered on the conversion table 17113-2 with the requestidentification as virtual dedicated line connection “3” (Step S2720).The subsequent steps are the same as the steps S2730 through S2770described with the other embodiments, and at the end ICS encapsulationis performed (Step S2780), and the ICS network packet NF01 is sent intothe ICS 17000-2 with priority (Step S2790).

<<Another Example for Determining the Degree of Priority >>

Regarding example 2 for determining the degree of priority wherein theaccess control apparatus 17100-2 receives the ICS user packets F03, F04and F05 from the ICS logic terminal of the line portion 17111-2 providedwith ICS network address “7822” almost at the same time; example 3 fordetermining the degree of priority wherein the access control apparatus17100-2 receives the ICS user packets F06 and F07 from the ICS logicterminal of the line portion 17111-2 provided with ICS network address“7823” almost at the same time; example 4 for determining the degree ofpriority wherein the access control apparatus 17100-2 receives the ICSuser packets F08 and F09 from the ICS logic terminal of the line portion17111-2 provided with ICS network address “7824” almost at the sametime; and example 5 for determining the degree of priority wherein theaccess control apparatus 17100-2 receives the ICS user packets F10 andF11 from the ICS logic terminal of the line portion 17111-2 providedwith ICS network address “7823” almost at the same time: the method fordetermining the degree of priority is the same as example 1 fordetermining the degree of priority, as shown in the portion tablecomprising the conversion table 17113-2, and description thereof will beomitted.

Embodiment-15 Multiple Communication

The description of the present embodiment will be made with reference toFIG. 85 through FIG. 87. An ICS 18000-1 includes access controlapparatuses 18140-1, 18141-1, 18142-1, 18143-1 and 18144-1, a conversiontable within the access control apparatus 18140-1 being 18195-1 and theconversion table within the access control apparatus 18141-1 being18196-1. The conversion table 18195-1, as with the conversion table6013-1, contains specified values “1”, “2”, “3” and “4” for requestidentification, and correspondingly, intra-corporation communication,inter-corporation communication, virtual dedicated line connection, andICS network server connection can be made within a single access controlapparatus. The conversion table 18196-1, contains only the specifiedvalue “3” for request identification, enabling virtual dedicated lineconnection. The ICS network server 18160-1 is connected to the accesscontrol apparatus 18140-1 via an ICS network communication line. A block18184-1 is an FR network or an ATM network; in the event that 18184-1 isan FR network.

LANs 18110-1 and 18130-1 are each connected with access controlapparatuses 18140-1 and 18142-1 via an ICS user logic communicationline. The gateways 18171-1 and 18172-1 are connected to the accesscontrol apparatus 18140-1 or 18141-1, via an ICS user logiccommunication line. LAN 18120-1 includes a plurality of IP terminals,18121-1, 18122-1 and 18123-1. Now, the term “IP terminal” refers to aterminal which has the functions of sending and receiving IP userpackets. The IP terminals 18150-1 and 18151-1 are each via accesscontrol apparatuses 18143-1, 18144-1, and an ICS user logiccommunication line. The ICS network communication line 18191-1 connectsthe conversion unit 18181-1 with the access control apparatus 18141-1,and the ICS network communication line 18192-1 connects the conversionunit 18182-1 with the access control apparatus 18141-2.

ICS user packet sent from the LAN 18120-1 or LAN 18110-1 is, uponarrival to the access control apparatus 18140-1, ICS-encapsulated inorder to receive one of the communication services of intra-corporationcommunication, inter-corporation communication, virtual dedicated lineconnection, or ICS network server connection, following control of therequest identification values “1”, “2”, “3” or “4” listed in theconversion table 18195-1. Also, an ICS user packet sent from the gateway18172-1, upon arrival to the access control apparatus 18140-1, isICS-encapsulated in order to receive virtual dedicated linecommunication service filling the control of the request identification“3” listed on the conversion table 18196-1, passes through theconversion unit 18181-1 via the ICS network communication line 18191-1,further passes through the FR network or ATM network 18184-1, passesthrough the conversion unit 18182-1, passes through the ICS networkcommunication line 18192-1, and is delivered to the access controlapparatus 18142-1. For the FR network or ATM network 18184-1 here, fixedconnection with the other party (PVC) which is a known art is used asthe function of the FR network or ATM network. Thus, according to theabove-described procedures, transfer of ICS user packets is realized.

<<Partial Change to Above Embodiment: Variation>>

Description will be made with reference to FIG. 90. As with ICS 18000-1,ICS 18000-2 also include multiple access control apparatuses, and areconnected with LANs and IP terminals through the access controlapparatuses. The FR network or ATM network 18184-1 in FIG. 87 isreplaced with FR network or ATM network 18200-1; the access controlapparatus 18141-1, the conversion unit 18181-1, and the ICS networkcommunication line 18191-1 are replaced with PVC interface conversionunit 18210-2; the access control apparatus 18142-1, the conversion unit18182-1, and the ICS network communication line 18192-1 are replacedwith PVC interface conversion unit 18220-2; and further, the gateways18171-1 and 18172-1 are replaced with a gateway 18230-2. Now, in theevent that a block 18200-2 is an FR network, the PVC interfaceconversion units 18210-2 and 18220-2 are functions for converting theICS user packet into the FR packet format, and reverse-convertingthereof. In the event that 18200-2 is an ATM network, the PVC interfaceconversion units 18210-2 and 18220-2 are functions for converting theICS user packet into the ATM frame format, and reverse-convertingthereof. Transfer of ICS use packet according to this variation isrealized by using the functions of fixed connection with the other party(PVC) by the FR network or ATM network.

Embodiment-16 Operation of ICS

Description will be made with reference to FIGS. 91 and 92. The ICS19000-1 includes: VAN 19010-1, VAN 19020-1, access control apparatuses19300-1, 19310-1, 19320-1 and 19330-1, relay devices 19400-1, 19410-1,19420-1 and 19430-1, inter-VAN gateway 19490-1, and server devices19500-1, 19510-1, 19520-1, 19530-1 and 19540-1. Each server is providedwith an ICS network address, and has a plurality of ICS network serverstherein. These plurality of ICS network servers are distinguished byport numbers used with TCP communication protocol or UDP communicationprotocol. The access control apparatuses 19300-1, 19310-1, 19320-1 and19330-1 each include conversion tables 19301-1, 19311-1, 19311-1 and19311-1, each includes conversion table servers 19731-1, 19732-1,19733-1 and 19734-1, and also includes domain name servers 19741-1,19742-1, 19743-1 and 19744-1, and also includes resource administrationservers 19751-1, 19752-1, 19753-1 and 19754-1, the relay device 19400-1includes a path information server 19761-1 and resource administrationserver 19755-1, the relay device 19410-1 includes a path informationserver 19762-1, the relay device 19420-1 includes a path informationserver 19763-1, the relay device 19430-1 includes a path informationserver 19764-1, the server device 19500-1 includes a user service server19711-1 and ICS authority server 19721-1, the server device 19510-1includes a governing resource administration server 19750-1 andgoverning resource administration server 19760-1, the server device19520-1 includes a user service server 19712-1 and ICS authority server19722-1, the server device 19530-1 includes an ICS network server19980-1 which has an ICS user address “1200” and performs electroniclibrary services, and anICS network server 19981-1 which has an ICS useraddress “1300” and performs travel information services, the serverdevice 19540-1 includes a governing resource administration server19720-1, governing domain name server 19740-1, governing conversiontable server 19730-1, and governing user service server 19710-1.

The above-described access control apparatuses, relay device, serverdevices, and VAN gateways are connected by the ICS network communicationlines 19040-1, 19041-1, 19042-1 and 19043-1, so as to be able toexchange information one with another using ICS network communicationfunctions. The server devices are formed by, e.g., giving the ICSnetwork communication function to a computer, with programs runningtherein for realizing server functions.

A block 19110-1 is an FR network, and the conversion units 19111-1 and19112-1 are for performing interface conversion with the communicationlines of the FR exchange network and the ICS communication linestransferring ICS network packets. Also, a block 19900-1 is an ATMnetwork, and the conversion units 19901-1 and 19902-1 are for performinginterface conversion with the communication lines of the ATM exchangenetwork and the ICS communication lines transferring ICS networkpackets.

In the embodiment, connected outside of the ICS 19000 are LANs 19600-1,19601-1, 19602-1, 19603-1, 19604-1 and 19605-1, and IP terminals 19606-1and 19607-1 having functions for sending and receiving ICS networkpackets.

<<Hierarchical Structure of the ICS Network Server>>

Description will be made with FIGS. 93 through 98. The governing userserver 19710-1 has superior controlling authority in instructing theuser service servers 19711-1 and 19712-1 or requesting individualinformation reports, the meaning of superior controlling authority beingillustrated in a tree-structure diagram in FIG. 93. A block 19811-1 is acommunication path for information exchange between the governing userservice server 19710-1 and the user service server 19711-1, and iscomprised of ICS communication lines and relay device, among others. Thegoverning resource administration server 19720-1, the governingconversion table server 19730-1, the governing domain name server19740-1, the governing resource administration server 19750-1, and thegoverning resource administration server 19760-1 are also the same, eachbeing shown in FIGS. 94 through 98. Now, in the present embodiment,there are two layers in the tree-structure hierarchy, but this can beincreased to three or more layers by increasing the name of accesscontrol apparatuses, relay devices, servers devices, etc., places withinthe ICS. The path information service is provided with the functions ofsending and receiving inside the ICS, a path table used by the relaydevices and access control apparatuses. The resource administrationserver is provided with administration functions of keeping up onmounting information or obstruction information of the relay devices,access control apparatuses and server devices.

<<Operation of ICS 19000-1 by ICS Operator>>

The ICS operators 19960-1 and 19961-1 provide instructions such asoperation start-up to, or request reports of individual informationfrom, the governing user service server 19710-1, the governingconversion table server 19730-1, the governing resource administrationserver 19750-1, and the governing resource administration server19760-1, thereby facilitating operation of the ICS 19000-1.

<<Operation of ICS 19000-1 by ICS Authority>>

The ICS authority 19950-1 provides instructions such as the operationstart-up to, or request reports of individual information from, thegoverning resource administration server 19720-1 and the governingdomain name server 19740-1, thereby facilitating administration ofaddresses and the like used in the ICS 19000-1.

<<Socket Number and Server>>

The ICS servers each have ICS user addresses and ICS network addresses,but an addition to the other embodiments is that the above servers have,in addition to ICS network addresses, port numbers stipulated by TCP orUDP communication protocol. That is, each of the aforementioned serversis identified by a 32-bit ICS network address and a 16-bit port number,making for a value with a total of 48 bits (this being referred to as“socket number”). Each server includes programs which have peculiarfunctions operating within the ICS 19000-1, and further, there areservers among these which have “operating interface”, as describedlater. Now, the “operating interface” is a function which performsexchange of information, and sends and receives instructions such asoperation of the various server functions or start-up or operation, withthe operator via a keyboard or the like. Each server provides accesscontrol apparatuses or relay devices, for example, with ICS networkaddresses, applies differing port numbers to the plurality of programswithin these devices (i.e., servers), distinguishing by the socketnumber. As described in the embodiments, each server has ICS networkcommunication functions, and can exchange information one with anotherusing the ICS network address and the port numbers.

<<Registration 1 to ICS of User: Inter-Corporation Communication and ICSNetwork Server>>

Description will be made with reference to FIG. 91, FIG. 92 and FIG. 99.An applicant 19200-1 to the ICS 19000-1 applies to the ICS receptionist19940-1 for ICS membership (procedure P100). The “Application receptiondata” is a usage item of ICS wherein the ICS user address, the ICSnetwork address, and the ICS name has been deleted, and is comprised of,e.g., request identification (classification of intra-corporationcommunication, inter-corporation communication, virtual dedicated lineconnection, or ICS network server connection), communication bandconditions such as speed class and priority, billing conditions,open-zone connection conditions, payment method, name and address ofuser (personal ID data), signing conditions, encryption conditions andso on.

The ICS receptionist 19940-1 enters the above “application receptiondata” to the user service server 19711-1 via the “operating interface”,and stores the “application reception data” in the user database 19611-1(procedure P110). Next, the user service server 19711-1 requests of theICS authority server 19721-1 the ICS user address, ICS network addressand ICS name, using the ICS network communication functions (proceduresP120). The ICS authority server 19721-1 appropriates the requestedaforementioned ICS address and ICS name using the ICS network addressappropriation record table 19622-1 (FIG. 100) and the ICS user addressappropriation record table 19623-1 (FIG. 101) stored within the database19621-1 (procedure P130), stores the appropriation results in theaforementioned appropriation tables, and further returns theappropriation results to the user service server 19711-1 (procedureP140). The user service server 19711-1 stores the appropriation resultsobtained from the ICS authority server 19721-1 in the user database19611-1 (procedure P150).

FIG. 100 is an example of the ICS network address appropriation recordtable 19622-1, and in the first line of this table there is an examplewhich states beforehand that an ICS network address “7700” has beenappropriated to ICS logic terminal identifying code LT-001 of the nodeidentifying code ACU-1, that the appropriate identifying code is user-1,that the date of appropriation is Apr. 1, 1998, and that the nodeidentifying code ACU-1 points to the access control apparatus 19300-1.Also, in the third line of this table there is an example which statesbeforehand that an ICS network address “6930” has been appropriated toport number “620” of the node identifying code SVU-1, that theappropriate identifying code is Sc-001, that the date of appropriationis Feb. 1, 1998, and that the node identifying code SVU-1 points to theserver device 19530-1.

FIG. 101 is an example of an ICS user address appropriation recordtable, and in the first line of this table there is an example whichstates that the ICS name address “4610” has been appropriated with anICS name (also called an ICS domain name) of “dd1.cc1.bb1.aa1.jp”, thatthe request identification value is “2”, that the appropriateidentifying code is user-1, and that the date of appropriation is Apr.1, 1998. Further, in the fourth line of this table there is an examplewhich states that the ICS name address “1200” has been appropriated withan ICS name of “rr1.qq.pp.jp”, that the request identification value is“4”, that the appropriate identifying code is Sv-001, and that the dateof appropriation is Feb. 1, 1998.

The user service server 19711-1 provides information to the conversiontable server 19731-1 via the ICS network communication function so as towrite the application contents of the usage applicant 19200-1 and theobtained ICS network address into the conversion table 19301-1 in theaccess control apparatus 19300-1 (procedure P160). The contents to beprovided are: transmitting ICS network address, sender ICS user address,request identification, speed class, priority, signing conditions,encryption conditions, open-zone class and so on. Also, in the eventthat the aforementioned ICS network address and ICS user address have arequest value of “2”, i.e., inter-corporation communication,registration is made as transmitting ICS network address and sender ICSuser address. In the event that the request value is “4”, i.e., ICSnetwork server, registration is made as receiving ICS network addressand receiver ICS user address. The conversion table server 19731-1 addsthe above contents to the conversion table 19301-1 (procedures P170).The receiving ICS network address and the receiver ICS user address arenot registered in the conversion table 19301-1 at this time, but areregistered in the conversion table 19301-1 at the time of “registrationof other party of communication”, later described in the presentembodiment.

Next, the conversion table server 19731-1 notifies the ICS domain nameserver 19641-1 of the ICS network address, the ICS user address and theICS name (procedure P180). The ICS domain name server 19641-1 writes theabove received ICS network address, ICS user address and ICS name in thedatabase therein and stores them (procedure P190), and reportscompletion of writing to the conversion table server 19731-1 (procedureP200). The conversion table server 19731-1 confirms this report(procedure P210), reports completion of the series of procedures to theuser service server 19711-1 (procedure P220), the user service server19711-1 confirms this report (procedure P230), and informs the usageapplicant of the appropriation results, namely, the ICS user address andICS name (procedure P240). Incidentally, the ICS network address is usedonly within the ICS, so the usage applicant is not notified of this. Inthe event that the request value is “4”, i.e., ICS network server, theuser service server 19711-1 notifies all conversion table servers withinthe ICS 19000-1 at the time of the procedure P160, and requestsregistration to the conversion table of all access control apparatuses.

<<Re-Writing Administration of Conversion Table by Governing ConversionTable Server>>

Description will be made with reference to procedures 800 through 960 tothe bottom of FIG. 99 and FIG. 91, FIG. 92, FIG. 95. The governingconversion table server 19730-1 instructs the conversion table server19731-1 to re-write the contents of the conversion table 19301-1, e.g.,speed class priority, transmitting ICS network address, a part or all ofother items in the conversion table (procedure P800), and the conversiontable server 19731-1 changes the contents of the conversion table19301-1 according to the instructions (procedure P810). Also, the domainname server 19741-1 is instructed to re-write the ICS network addressand the like (procedure P820), the domain name server 19741-1 followsthe instructions and updates the internal table (procedure P830),reports the results to the conversion table server 19731-1 (procedureP840), the conversion table server 19731-1 confirms (procedure P850),and reports to the governing conversion table server 19730-1 (procedureP860). Also, the governing conversion table server 19730-1 instructs theuser service server 19711-1 to re-write the contents of the userdatabase 19611-1, such as speed class, ICS network address, etc.(procedure P900), and the user service server 19711-1 follows theinstructions and updates the contents of the user database 19611-1(procedure P910). Also, the ICS network addresses, ICS user address, andICS names which have become unnecessary to the ICS authority server19721-1 are returned, or new requests are made (procedure P920), the ICSauthority server 19721-1 follows these instructions and updates the ICSnetwork address appropriation record table 19622-1 and the ICS useraddress appropriation record table 19623-1 (procedure P930), reports theresults thereof to the user service server 19711-1 (procedure P940), theuser service server 19711-1 confirms the report (procedure P950), andreports to the governing conversion table server (procedure P960).

In the above description, an arrangement may be used wherein first, thegoverning conversion table server 19730-1 calls up the user serviceserver 19711-1 and performs the aforementioned procedures P900 throughP960, and then secondly calls up the conversion table server 19731-1 andperforms the aforementioned procedures P800 through P860. With such anarrangement, the ICS operator 19960-1 instructing re-writing of thecontents of the access control table to the governing conversion tableserver 19730-1 enables exchanging of the conversion table within theaccess control apparatus and the address information related theretowith domain name servers and ICS authority servers which haveadministration, thereby facilitating ease of re-writing management ofthe contents of a conversion table with consistency, i.e., ease ofupdating management of all conversion tables within the access controlapparatuses within the ICS 19000-1.

<<Registration of Other Party of Communication>>

FIG. 105 will be described. A usage applicant for the ICS 19000-1applies for registration of other party of communication to the ICSreceptionist 19940-1 along with the domain name of the other party ofcommunication (procedure P300). The ICS receptionist 19940-1 receivesthe domain name of the other party of communication (procedure P310),and sends it to the conversion table server 19731-1 (procedure P320).The conversion table server 19731-1 exchanges information with thedomain name servers 19740-1, 19742-1, etc. (procedures P330 and P331),obtains the ICS network address and the ICS user address correspondingwith the domain name of the other party of communication regarding whichthere was inquiry, updates the contents of the conversion table 19301-1(procedure P340), and reports the results (procedures P350 and P360).The updated results are shown to the conversion table 19301-2. The ICSnetwork address obtained here is registered in a conversion table suchas shown in FIG. 106 as a receiving ICS network address, and the ICSuser address obtained here is registered as a receiver ICS user address.Incidentally, in the case of an ICS network server, the spaces for theICS network address and the ICS user address remain blank.

<<Registration 2 to ICS of User: Intra-Corporation Communication andVirtual Dedicated Line>>

Description will be made with reference to FIG. 107. The difference withintra-corporation communication as compared to the aboveinter-corporation communication is that an ICS user address is handed inand an ICS name cannot be used, accordingly, there is no appropriationof the ICS names, and there are no procedures for using ICS names(procedures P180, P190 and P200). First, an applicant 19200-1 to the ICS19000-1 applies to the ICS receptionist 19940-1 for ICS membership(procedure P400). The “Application reception data” is a usage item ofICS wherein the ICS network address and the ICS name has been deleted,and is comprised of, e.g., ICS user address, request identification(classification of intra-corporation communication, inter-corporationcommunication, virtual dedicated line connection, or ICS network serverconnection), speed class and priority, etc., the same as with theprevious inter-corporation communication. The ICS user address furthershows a plurality of pairs for both sender ICS user address and receiverICS user address. Also, in the case of a virtual dedicated lineconnection, the sender ICS user address and the receiver ICS useraddress are not shown; this is what is different as compared to theintra-corporation communication.

The ICS applicant 19940-1 enters the above “application reception data”to the user service server 19711-1 via the “operating interface”, andstores the “application reception data” in the user database 19611-1(procedure P410). Next, the user service server 19711-1 requests of theICS authority server 197231-1 the ICS user address, the ICS networkaddress and the ICS name, using the ICS network communication function(procedures P420). The ICS authority server 19721-1 appropriates onlythe ICS network address as with the above procedure P130 (procedureP430), records the appropriation results in the aforementionedappropriation tables, and further returns the appropriation results tothe user service server 19711-1 (procedure P440). The user serviceserver 19711-1 stores the appropriation results obtained from the ICSauthority server 19721-1 in the user database 19611-1 (procedure P450).

The user service server 19711-1 notifies the conversion table server19731-1 of the application contents and the obtained ICS network address(procedure P460), the conversion table server 19731-1 adds the abovecontents to the conversion table 19301-1 (procedure P370), and reportscompletion of registration (procedures P480 and P495). FIG. 108 showsand example of registration to the conversion table 19301 of theintra-corporation communication and the virtual dedicated line.

<<Description of Domain Name Server>>

An example of 4-layer hierarchy will be described with reference to FIG.109 and FIGS. 110 to 112, regarding the procedures P330 and P331regarding the domain name server in the description of FIG. 105. The ICSnetwork address of the internal table 19600-1 of the domain name serverwhich is the object of the domain name “root” is “9500”, and domainnames “a1”, “a2”, “a3” and so forth exist below, indicating, e.g., thatthe ICS network address of the domain name server which handles thedomain name “a1” is “9610”, and the port number is “440”. The ICSnetwork address of the internal table 19610-1 of the domain name serverwhich is the object of the domain name “a1” is “9610”, and domain names“b1”, “b2”, “b3” and so forth exist below, indicating, e.g., that theICS network address of the domain name server which handles the domainname “b2” is “9720”, and the port number is “440”.

The ICS network address of the internal table 19620-1 of the domain nameserver which is the object of the domain name “b1” is “9720”, and domainnames “c4”, “c5”, “c6” and so forth exist below, indicating, e.g., thatthe terminal space for the domain name “c5” is YES, meaning that thereare no more domain names below, and that in this example, the ICSnetwork address of the ICS name “c5.b2.a1.” is “9720”, and that the ICSuser address is “4510”. Also, the record of the internal table 19620-1of the domain name server, i.e., the ICS name (ICS domain name), the ICSnetwork address and the ICS user address “4610” are considered to be onegroup of data and referred to particularly as a “resource record” of thedomain name server.

<<Calling Domain Name Servers>>

With reference to FIG. 113, description will be made regarding theprocedures in which the conversion table server 19630-1 calls the domainname servers 19640-1, 19650-1 and 19660-1, and searches for the ICSnetwork address and the ICS user address corresponding with the domainname “c5.b2.a1.”. The conversion table server 19630-1 enters the domainname “c5.b2.a1.” in the resolver 19635-1 in the conversion table. Theresolver 19635-1 sends the ICS packet 19641-1 including “a1” to the ICSdomain name server 19640-1, and an ICS packet 19642-1 including an ICSnetwork address “9610” of the ICS domain name server for “a1” isreturned. Next, The resolver 19635-1 sends an ICS packet 19651-1including “b2” to the ICS domain name server 19650-1, and an ICS packet19652-1 including an ICS network address “9720” of the ICS domain nameserver for “b2” is returned.

Next, the resolver 19635-1 sends an ICS packet 19661-1 including “c5” tothe ICS domain name server 19660-1, and an ICS packet 19662-1 includingan ICS network address “9820” for “c5” and an ICS user address “4520” isreturned. According to the above procedures, the conversion table server19630-1 obtains an ICS network address “9820” and an ICS user address“4520” corresponding with the domain name “c5.b2.a1.”.

<<Re-Writing of Conversion Table from an IP Terminal>>

Description will be made with reference to FIGS. 114 and 115. An ICSuser packet including the domain name “c5.b2.a1.” is sent from the IPterminal 19608-1 to the conversion table server 19731-1 (procedureP500). The conversion table server 19731-1 makes inquiry to the domainname server (procedure P510), the domain name server searches andobtains the ICS network address “9820” and the ICS user address “4520”corresponding with the domain name “c5.b2.a1.” (procedure P520), andreturns this to the conversion table server 19731-1 (procedure P530),the conversion table server writes this to the conversion table 19301-1(procedure P540), and reports to the IP terminal 19608-1 (procedureP550). In these procedures, the ICS network address “9820” is writteninto the conversion table as a receiving network address, and the ICSuser address “4520” as a receiver ICS user address, the re-writtenconversion table being shown in FIG. 103. Incidentally, FIG. 103 omitsthe items listed in the conversion table corresponding with the requestidentification included in FIG. 102.

Next, the IP terminal 19608-1 sends an ICS user packet to the conversiontable server 19731-1, including specification for changing the speedclass to “2”, with regard to the registered contents of the conversiontable 19301-1X (procedure P600). The conversion table server 19731-1re-writes the registration contents of the conversion table 19301-1X sothat the speed class is “2”, according to the specification (procedureP610), and reports to the IP terminal 19608-1 (procedure P620). Theconversion table re-written by these procedures is shown as 19301-Y(FIG. 104).

<<Moving a Terminal Between Access Control Apparatuses>>

As can be seen from the embodiment of the ICS user address appropriationrecord table 19623-1, the first line of this table appropriates ICS name“dd1.cc1.bb1.aa1.jp” to the ICS user address “4610”, and holds the ICSuser address and the ICS name. For example, in the event that a terminal19608-1 (FIG. 91) having an ICS user address “4610” is moved from theaccess control apparatus 19300-1 to the access control apparatus 19320-1(FIG. 92), and in the event that this terminal is appropriated a new ICSnetwork address “7821” for example, the conversion table has registeredtherein a transmitting ICS network address “7821” and a sender ICS useraddress “4610” as a pair. In this case, the ICS name“dd1.cc1.bb1.aa1.jp” is paired with the ICS user address “4610” asstipulated by the ICS user address appropriation record table 19623-1,and the ICS name is not changed. The resource record comprised of theICS name “dd1.cc1.bb1.aa1.jp” within the domain name server, the ICSnetwork address “7700”, and the ICS user address “4610”, is changed tothat having the ICS name “dd1.cc1.bb1.aa1.jp”, the ICS network address“7821” and the ICS user address “4610”. That is, the ICS network address“7700” is re-written to another address “7821”, but the ICS name“dd1.cc1.bb1.aa1.jp” and the ICS user address “4610” are not re-written.Summarizing this, the resource record of the domain name server and ICSuser address appropriation record table of the ICS authority server holdthe ICS user address and the ICS name, and there is no case in whichonly one is changed. Accordingly, in the event that a terminal is movedbetween access control apparatuses, there is no need to change the ICSuser address and ICS name of the terminal.

Other Embodiment Determination of ICS User Address by the User

This is an arrangement wherein the above embodiment has been changed sothat the user determines the ICS user address. That is, when the user(usage applicant 19200-1) applies to the ICS 19000-1, an ICS useraddress is added. The ICS receptionist 19940-1 includes the ICS useraddress in the application reception data. Also, the ICS authorityserver 19711-1 stores the ICS user address that the user has applied forin the ICS user address appropriation record table 19623-1. According tothe above method, the user can determine his/her own ICS user address,thus increasing freedom of usage.

Embodiment-17 Calling Other Party of Communication by Telephone Number

The present embodiment shows an example wherein using the telephonenumber as the ICS domain name allows sending and receiving of ICS userIP packet with the other party of communication, in which digitizedvoice is stored within the user IP packet, thereby facilitating publiccommunication using a telephone. In the present embodiment, descriptionwill be made with reference to the example wherein the telephone number81-3-1234-5678 in Tokyo, Japan, is viewed as being domain name“5678.34.12.3.81.” Here, “3” indicates Tokyo, and “81” indicates Japan.

Description will be made with reference to FIG. 116. An ICS 20000-1includes access control apparatuses 20010-1, 20020-1 and 20030-1, relaydevices 20080-1 and 20090-1, domain name servers 20110-1, 20120-1,20130-1, 20140-1 and 20150-1, and the access control apparatus 20010-1includes line portion 20011-1, a processing device 20012-1, a conversiontable 20013-1 and a conversion table server 20040-1. The conversiontable server 20040-1 is within the access control apparatus 20010-1, andan ICS network address of “7800” and port number of “600” areappropriated. The conversion table server 20040-1 is provided with anICS user address “4600” from outside of the ICS 20000-1, and appears tobe an ICS server having the functions of converting an entered domainname into an ICS user address and returning, and also registering theICS network address in the conversion table 20013-1 within the accesscontrol apparatus 20010-1.

A block 20210-1 is a LAN, blocks 20211-1 and 20300-1 are both IPterminals having the functions of sending and receiving ICS user frames,each having ICS user addresses “4520” and “1200”, and are connected tothe ICS 20000-1 via the ICS user logic communication line. IP terminal20300-1 can be used as a telephone and thus is referred to as an “IPtelephone”. The IP telephone 20300-1 includes a telephone number inputunit 20310-1, IP address accumulating unit 20320-1, voice datasending/receiving unit 20330-1, input buttons 20340-1, and voiceinput/output unit 20350-1.

<<Obtaining ICS User Address by Telephone Number>>

The telephone number “1234-5678” is entered into the telephone numberinput unit 20310-1 by the input buttons 20340-1. The telephone numberinput unit 20310-1 generates the ICS user packet P1201, and deliversthis to the access control apparatus 20010-1 via the ICS user logiccommunication line. Here, the ICS user packet is the sender ICS useraddress “1200” and the receiver ICS user address “4600”, and thetelephone number “1234-5678” entered by the input buttons 20340-1 isincluded in the data. The processing device 20010-1 looks at theconversion table 20013-1, and sends the ICS user packet P1201 to theconversion table server 20040-1 indicated by the ICS user address“4600”. Also, in the present embodiment, the conversion table server20040-1 is within the access control apparatus 20010-1, so there is noneed to user ICS network communication functions. Based on the telephonenumber “1234-5678” included in the data field of the ICS user packet,the conversion table server 20040-1 sequentially contacts domain nameservers 20130-1, 20140-1 and 20150-1, and obtains the ICS networkaddress “7920” and the ICS user address “4520” of the terminal 20211-1of the other party of communication in the event that the telephonenumber “1234-5678” is viewed as a domain name.

Next, the conversion table server 20040-1 creates a conversion table newitem 20030-1 using the two addresses “7920” and “4520” obtained here,generates an ICS user packet P1202 for the ICS user address “4520” andwrites the ICS user address “4520” therein and sends it to the IPtelephone 20300-1. The IP telephone 20300-1 combines the ICS useraddress “4520” contained in the received ICS user packet P1202 with thetelephone number “1234-5678” regarding which inquiry has already beenmade, and stores these in the IP address storage unit 20320-1, and usesit at a later day at the point that the ICS user address “4520”corresponding with the telephone number “1234-5678” becomes necessary.The aforementioned conversion table new item 20030-1 correlates the IPtelephone 20300-1 having the ICS network address “7820” and the ICS useraddress “1200” with the destination terminal 20211-1 specified by thetelephone number “1234-5678”. The conversion table new item 20030-1 isused as a new component of the conversion table 20013-1.

<<Communication Using ICS User Address>>

Voice is inputted from the voice input/output unit 20350-1, the voice isconverted into digital data at the voice data sending/receiving unit20330-1, stored in the ICS user packet P1210, and sent to thedestination specified by the telephone number “1234-5678”, i.e., to theterminal 20211-1 determined by the ICS user address “4520”. After this,telephone communication is performed by sending and receiving ICS userpacket between the two terminals 20211-1 and 20211-1.

<<Detailed Description of Domain Name Server>>

Regarding the above description, the method of the conversion tableserver presenting the telephone number “1234-5678” to the domain nameserver and obtaining the ICS network address “7920” and the ICS useraddress “4520” will be described in detail.

FIG. 118 is diagram illustrating an embodiment of a 6-layer hierarchy“domain name tree”, with root domain name “root-tel” being provided onLevel 1 of the tree, domain names “1” . . . “44” . . . “81” . . . “90” .. . existing on Level 2 which is lower on the tree, and domain names . .. “3” . . . “6” . . . for example existing on Level 3 beneath domainname “81”, and domain names . . . “11”, “12”, “13”, . . . for exampleexisting on Level 4 beneath domain name “3”, and further domain names .. . “33”, “34”, “35” . . . for example existing on Level 5 beneathdomain name “12”, and domain names . . . “5677”, “5678”, “5679” . . .existing on Level 6 beneath domain name “34”.

FIG. 119 illustrates the internal table 20131-1 of the domain nameserver 20130-1 handling the domain name “3”, and indicates that, e.g.,under domain name “3” the domain server 20140-1 which handles domainname“12” has an ICS network address of “8720” and a port number of “440”.FIG. 120 illustrates the internal table 20141-1 of the domain nameserver 20140-1 handling the domain name “12”, and indicates that, e.g.,under domain name “12” the domain server 20150-1 which handles domainname “34” has an ICS network address of “8820” and a port number of“440”. Also, FIG. 121 illustrates the internal table 20151-1 of thedomain name server 20150-1 handling the domain name “12”, and indicatesthat the endpoint for the domain name “5678” in the internal table20151-1 is YES, meaning that there are no more domain names below, andin this example, the ICS network address corresponding to the domainname “5678.34.12.3.18.” is “8920”, and the ICS user address thereof is“4520”.

<<Calling Domain Name Server>>

With reference to FIG. 122, description will be made of the proceduresfor the conversion table server 20040-1 calling the domain name servers20130-1, 20140-1 and 20150-1, and searching for the ICS network addressand the ICS user address corresponding with the domain name“5678.34.12.3.81.”. Now, the resolver 20041-1 has therein the ICSnetwork address of a domain name server handling the Level 1 domain“root-tel” shown in FIG. 119. Also, in the event that there is a greatdeal of communication with the domain name server which handle the Level2 and Level 3 domains, the ICS network addresses of the upper domainname servers thereof are stored in the resolver 20041-1.

The conversion table server 20040-1 inputs domain name “5678.34.12.”into the internal resolver 20041-1. The resolver 20041-1 has the ICSnetwork address “8610” of the server handling the domain name “3.81.”which indicates “81” for Japan and “3” for Tokyo, and sends an ICSpacket 20135-1 including the domain name “12” which is under the domainname “3” to the ICS domain name server 20130-1 using the ICS networkcommunication function, in response to which an ICS frame 20136-1including the ICS network address “8720” of the ICS domain name server20140-1 which handles the domain name “12” is returned. Next, theresolver 20041-1 sends an ICS packet 20145-1 including the domain name“34” to the ICS domain name server 20140-1, in response to which an ICSpacket 20146-1 including the ICS network address “8820” of the ICSdomain name server 20146-1 which handles the domain name “34” isreturned.

Next, the resolver 20041-1 sends an ICS packet 20155-1 including thedomain name “5678” to the ICS domain name server 20150-1, in response towhich an ICS packet 20156-1 including the ICS network address “7920” and“ICS user address 4520” of the ICS domain name server 20156-1corresponding with the domain name “5678” is returned. According to theabove procedures, the conversion table 20040-1 obtains the ICS networkaddress “7920” and the ICS user address “4520” corresponding to thedomain name “5678.34.12.3.81.”.

<<Telephone line connection >>

There is a telephone line conversion unit 20510-1 within the lineportion 200011-1, and the telephone 20520-1 is connected to thetelephone line conversion unit 20510-1 via the telephone line 20530-1.The telephone line conversion unit 20510-1 has the same function asthose described in the other embodiments, and generates an ICS userpacket sorted in the data field, as will as converting voice sent fromthe telephone line 20530-1 into digitized voice. Also, ICS user packetwhich is sent in reverse, i.e., from the ICS network to pass through theaccess control line portion, have the digitized voice stored thereinconverted into analog voice in the telephone line conversion unit20510-1, or in the event of an ISDN line, converted into digitizedvoice. According to such an arrangement, the IP terminal 20300-1provided with an ICS domain name and the telephone 20520-1 can performcommunication by telephone voice.

(Connecting to a Public Telephone Network)

Further, the telephone line conversion unit 20510-1 and the privateexchange 20600-1 are connected by a telephone line 20530-2. Telephones20520-2 and 20520-3 are connected with a private telephone line 20540-1extending from the private exchange 20600-1, and a telephonecommunication can be carried out between the telephone 20520-2 and thetelephone 20300-1. Also, connection can be made via the private exchange20600-1 to public telephone networks/international telephone network20680-1. Such an arrangement enables the telephone communication betweenthe telephones 20520-4 and 20300-1.

Embodiment-18 IP Terminal Capable of Connecting to Plural Access ControlApparatuses

The present embodiment does not fix the IP terminal having the functionsfor sending and receiving ICS user IP packets to a specific accesscontrol apparatus; rather, it realizes an IP terminal which can be movedand connected to other access control apparatuses and used, i.e.,capable of roaming. Roaming is realized based on the ICS domain nameprovided to the IP terminal.

<<Password Transmission Technique Using Cipher>>

The present embodiment includes procedures for ciphering a secretpassword PW and sending it from the sender (encoding (ciphering) side)to the receiver (decoding side). First, a ciphering function Ei and adecoding function Di will be described. The ciphering function Ei isrepresented by y=Ei(k1, x), and the decoding function Di is representedby x=Di(k2, y). Here, “y” denotes the ciphertext, “x” denotesplain-text, “k1” and “k2” are keys, and “i” represents cipher numbers(i=1, 2, . . . ) determining the secret key code and the public keycode, including how the value of the cipher key is to be used. In theabove, an arrangement may be used wherein plain-text x′ is cipheredinstead of plain-text x with x′=x∥r (wherein “r” is a random number),and discarding the random number r from the plain-text x′ upon decoding,thus obtaining the plain-text x. Such an arrangement generates adifferent ciphertext each time the same plain-text is ciphered, owing tothe random number, and it is said that such is less susceptible to codecracking.

(Example of cipher number i=1)<

<Preparation>>

The sender m discloses the domain name thereof (DNm) to the publicincluding the receiver. The receiver calculates Km=Hash-1 (DNm) usingthe secret data compression function Hash-1, and hands over only thecipher key Km using a safe method so as to be unnoticed by a thirdparty. This example is an example of using DES ciphering, and the senderholds an “ciphering module DES-e” for realizing the ciphering functionEi, and a cipher key Km. The cipher key Km is a secret value which thesender and receiver share. The receiver has the “decoding module DES-d”for realizing the decoding function Di, and the data compressionfunction Hash-1. What is used for the data compression function Hash-1is determined separately for each cipher number. A data compressionfunction is also referred to as a “hash function”.

<<Ciphering by Sender>>

The sender sets the secret password PW as x=PW, and ciphers asy=DES-e(Km, x) with the ciphering module DES-e and the cipher key Kmbeing held, thereby sending the ciphertext y and domain name DNm.

<<Decoding by Receiver>>

The receiver receives the ciphertext y and the domain name DNm,calculates the secret cipher key Km as Km=Hash-1 (DNm) using thereceiver's secret data compression function Hash-1, and the obtains theplaintext x as x=DES-d(Km, y) using the decoding module. The plain-textx is password PW, and the receiver can obtain the secret password PW. Athird party does not know the data compression function Hash-1 and thuscannot calculate the cipher key Km, and accordingly, cannot calculatethe secret password PW. In the above embodiment, as stipulation of thecipher number i=3, the ciphering functions and the decoding functionscan be replaced with ciphering functions and decoding functions otherthan DES code.

(Example of cipher number i=2)<

<Preparation>>

The present example is an example of employing RSA encoding, wherein thesender generates ciphering function y=x^(e) mod n and decoding functiony=x^(d) mod n. Here, e≠d holds, the key d being a secret value. Thesender hands to the receiver the disclosable ciphering keys e and n, andciphering module RSA-e for realizing y=x^(e) mod n. The sender holds theciphering keys and the ciphering module RSA-e. The sender does holdsneither the secret ciphering module nor secret data. On the other hand,the receiver holds n and the secret key d, and the ciphering moduleRSA-e for realizing y=x^(e) mod n.

<<Ciphering by Sender>>

The sender encodes the secret password PW, own domain name DNm, and timeof sending (year/month/day/hour/minute/second) as x=PW∥x1∥x2 (whereinx1: domain name DNm, and x2: year/month/day/hour/minute/second) andciphers as y=x^(e) mod n using the ciphering module RSA-e, thus sendingthe ciphertext y.

<<Decoding by Receiver>>

The receiver receives the ciphertext y and calculates x=y^(d) mod nusing the decoding module RSA-d held beforehand and the decoding key.The result is x=PW∥x1∥x2, so the data which is at a certain positionfrom the head of x is used as the password PW. In the above ciphering,domain name x1 and year/month/day/hour/minute/second x2 are used asrandom numbers. A third party does not know the secret key d and thuscannot calculate the secret password PW. In the above embodiment, asstipulations of the cipher number i=4, the values of the cipher keys e,d and n can be changed. Also, as stipulations of the cipher number i=5,the RSA ciphering technique can be replaced with a different public keyciphering technique.

<<Terminal Verification Technique Using Password and Random Number>>

Description will be made regarding verification technique fordetermining whether or not the password PW used by a roaming terminalagrees with the password registered in the verifying server. Asprerequisite conditions, the verifying server of the verifying entityand the terminal of the user to receive verification have a password PWthat is secret to a third party, with a ciphering function E (whereiny=E(k, x), y represents ciphertext, k represents ciphering key, and xrepresents plain-text). Specific procedures for terminal verificationwill now be described. The terminal of the user to receive verificationdecides upon a random number R using appropriate means, calculatesY1=F(PW, R) using the password PW and function y=F(PW, R) and sends boththe random number R and the function Y1 to the verifying entity. Theverifying entity receives the random number R and the function Y1, andcalculates Y2=F(FW, R) using the received random number R, the passwordPW held within, and the function F, and checks whether or not Y1=Y2holds. In the event that there is a match, verification can be made thatthe owner of the terminal which is being verified is using the correctpassword PW, i.e., verification of the terminal can be made. In theabove technique, an arrangement in which the user to be verified cannotfreely select the random number R but rather the random number R isrestricted to depending on time (called a time random number) furtherincreases difficulty of a third party calculating the password. Insteadof the ciphering function used above, the secret data compressionfunction Hj may be used instead, for Y1, Y2=(PW, R).

<<Overall Configuration>>

FIGS. 123 and 124 illustrate an overview of the roaming techniqueaccording to the present embodiment, wherein the ICS 21000-1 includesaccess control apparatuses 21010-1, 21020-1, 21030-1, 21040-1, 21050-1and 21060-1, relay devices 21080-1, 21080-2 and 21080-3, verifyingservers 21100-1, 21101-1, 21102-1 and 21103-1, domain name servers21130-1, 21131-1, 21132-1 and 21133-1, a user service server 21250-1 andan ICS authority server 21260-1. The access control apparatus 21010-1 isprovided with a conversion table 21013-1, a conversion table server21016-1, a registration server 21017-1 and a connection server 21018-1.The access control apparatus 21020-1 is provided with a conversion table21023-1, a conversion table server 21026-1, a registration server21027-1 and a connection server 21028-1. The connection servers 21018-1and 21028-1 are provided with an ICS user address “6310”, and has thefunction to register access control apparatuses determined as necessaryto the IP terminal, or to connect thereto.

The conversion table server 21016-1 has a function for re-writing thecontents of the conversion table 21013-1, and the conversion tableserver 21026-1 has a function for re-writing the contents of theconversion table 21023-1. Also, the LAN 21150-1 has an IP terminal21151-1, the LAN 21160-1 has an IP terminal 21161-1, and a block 21171-1is an IP terminal. A block 21200-1 is a portable roaming terminal, andis identified by ICS domain name “c1.b1.a1.” provided uniquely withinthe ICS 21000-1.

<<Application for Use of Roaming Terminal>>

The owner of a roaming terminal 21200-1 indicates as an ICS usageapplicant 21270-1 a payment method for the roaming terminal 21200-1, andapplies to the ICS authority server 21260-1 via user service server21250-1 for an ICS domain name and an ICS user address. The paymentmethod represented by billing class “MNY”, e.g., in the event thatMNY=1, the charges are billed to the home IP (i.e., an IP terminal whichis connected to the access control apparatus in a fixed manner), in theevent that MNY=2, the charges are paid according to the record of theverifying server. The ICS authority server 21260-1 sets an ICS domainname “c1.b1.a1.” for using the roaming terminal 21200-1, and an ICS useraddress “1200”. Further, in order to be connected to the access controlapparatus 21010-1 in a fixed manner and use it, the owner of the IPterminal 21200-1 applies for an ICS network address to the ICS authorityserver 21260-1 via the user service server 21250-1. The user serviceserver 21250-1, upon obtaining the ICS network address, makes a requestto the conversion table server 21016-1 to set the ICS network address“8115” and the ICS user address “1200” in the conversion table 21013-1.

The ICS receptionist 21271-1 embeds inside the interior 21201-1 of theroaming terminal 21200-1 the following: ICS domain name “c1.b1.a1.”, ICSuser address “1200”, special ICS address for roaming terminals (called“roaming special number”) “1000”, ICS user address “6300” forregistration server, and ICS user address “6310” for connecting server,and further embeds inside the interior 21202-1 of the roaming terminal21200-1 the ciphering function Ei and decoding related data RP1. Now,RP1=Hj (domain name∥RP0) ∥RP0 (wherein RP0=NMY∥i∥j) holds, and thedomain name is “c1.b1.a1.”. MNY is the above-described billing class,“i” is a cipher number for typifying the cipher Ei, and “j” determinesthe type of Hash function Hj. Data compression function Hj is a secretdedicated function used only by the verifying server and the userservice server. The user does not hold the data compression function Hj,and does not even know Hj, and thus is incapable of generating coderelated data RP1.

<<Registration Procedure from Home IP Terminal>>

Description will be made with reference to FIG. 127. The roamingterminal user connects the roaming terminal 21200-1 to the position ofthe home IP terminal 21151-1. Next, the roaming terminal user decides ona password (PW) and enters this from the input unit 21204-1, and alsogenerates an ICS user packet PK01 using the ciphering function and thecoding-related data stored within the inner portion 21202-1, and sendsit to the access control apparatus 21010-1 via the ICS user logiccommunication line 21152-1 (procedures T10). The destination of the ICSuser packet PK01 is “6300” which points to the roaming registrationserver, and includes own ICS domain name “c1.b1.a1.”, cipher parameterPR1, ICS user address “1200”, expiration data “98-12-31”, ciphertext “y”which is the password that has been ciphered, “tg” (wherein tg=1 inorder to display registration procedures), and “Yes” or “No” for roamingconnection specification. The generation method employed for theciphertext “y” is the coding technique described earlier. For example,in the event that the cipher number=2, ciphertext “y” is generated withy=x^(e) mod n (whereinx=PW∥c1.b1.a1.∥year/month/day/hour/minute/second). The access controlapparatus 21010-1 looks at the conversion table 21013-1 and transfersthe ICS user packet PK01 to the registration server 21017-1 with thedestination “6300” (procedure T15). The registration server 21017-1 usesthe domain name “c1.b1.a1.” to call the verifying server 21100-1(procedure T20). Also, the method by which the registration server21017-1 calls the verifying server 21100-1 using the domain name is thesame as the method by which the connection server 21028-1 calls theverifying server 21100-1 using the domain name, the details thereofbeing described in detail later. The verifying server 21100-1 checks thecontents of the received ICS user packet PK01, and decodes theciphertext “y” using the earlier-described technique, therebycalculating the password PW. For example, in the event that the ciphernumber=2, the ciphertext “y” is decoded with x=yd mod n. This yieldsx=PW∥c1.b1.a1.∥year/month/day/hour/minute/second, so the password PW canbe obtained.

Next, the contents of the cipher parameter PP1 is RP1=Hj (domainname∥RP0)∥RP0 (wherein RP0=MNY∥i∥j), so the verifying server 21100-1uses the secret Hash function Hj held within the verifying server21100-1 and the obtained domain name “c1.b1.a1.” to calculate t=Hj(domain name∥RP0)∥RP0), and checks whether or not t=RP1 holds for thereceived RP1. If it holds, judgment is passed that the domain name“c1.b1.a1.”, the billing class MNT, and the cipher numbers “i” and “j”have not been tampered with. The verifying server 21100-1 checks forexcessive or insufficient registration contents, and in the event thatthe contents are normal, the registration results are registered in theverification table 21100-2; registration is not made in the event thereare insufficient registration contents.

This is illustrated in the verifying table 21100-2 in the line with theadministration number 1, with the domain name as “c1.b1.a1.”, ciphernumber “2”, billing class (MNY) “1”, value of calculated password PW“224691”, expiration date “98-12-31”, roaming connection of “Yes”, i.e.,acceptance of a roaming connection. At the time of generating the PK01in procedure T10, the aforementioned value of tg may be set to tg=2 androaming connection set to “No”. The password will not leak to a thirdparty, due to application of the above-described ciphering method.Roaming registration is reported by passing through the registrationserver 21017-1 (procedure T30), then the access control apparatus21010-1 (procedure T35), and reported to the roaming IP terminal(procedure T40). Further, an ICS user packet for changing the value ofthe password PW with tg=3 or changing the date of expiration with tg=4can be sent from the terminal 21200-1 via the ICS user logiccommunication line 21152-1, after the above procedure T40 has beencompleted. Incidentally, a method which can be employed for changing thepassword involves specifying the prior password.

<<Sending and Receiving User IP Packet while Traveling>>

An example will be described regarding connecting a roaming terminal21200-1 to the access control apparatus 21020-1 and sending andreceiving of user IP packet between domain name “c1.b1.a1.” of theroaming terminal 21200-1 and the other party of communication with adomain name “c2.b2.a2.”. The user inputs the following from the inputunit 21204-1: the domain name “c2.b2.a2.” of other party ofcommunication, “tg” which has been set to tg=5 for specifying sendingand receiving of user IP packet, own password PW, and “5” whichspecifies the roaming connection period in days (represented by TTL).The inside 21201-1 and 21202-1 of the roaming terminal 21200-1 is usedto this end. Also, the IP frame field 21203-1 is used for generating,and sending and receiving ICS user IP packets PK01, PK02, PK03, PK04 andso forth.

Next, the roaming terminal 21200-1 generates a user IP packet PK02, andsends it to the access control apparatus 21020-1 via the ICS user logiccommunication line 21210-1 (procedure T50). The user IP packet PK02includes the sender domain name “c1.b1.a1.”, receiver domain name“c2.b2.a2.”, cipher parameter RP2 and connection period (represented byTTL). The cipher parameter RP2 is data calculated with the password PWand the inside 21202-2. That is, year/month/day/second “yy-mm-dd-sssss”is generated and used as a time random number TR (TR=yy-mm-dd-sssss),and the clock of inside 21202-2 and the cipher function Ei is used tocalculate RP2=Ei(PW, TR)∥TR.

The access control apparatus 21020-1 receives the user IP packet PK02,obtains the ICS network address “7800” provided to the ICS logicterminal, and since the request identification from the conversion table21023-1 is “4” and further the sender ICS user address written to theuser IP packet PK02 is “1000” (i.e., roaming special number), the aboveICS network address “7800” is held, and is delivered with the ICS userpacket PK02 to the connection server 21028-1 pointed to by the receiverICS user address “6310” (procedure T60). The ICS network address “7800”obtained in this procedure will be used after the later-describedprocess T130.

<<Function of Connection Server>>

Next, the connection server 21028-1 calls the verifying server 21100-1using the domain name “c1.b1.a1.”, and transfers the domain name“c1.b1.a1.” and the cipher parameter RP2 to the verifying server(procedure T70). The verifying server 21100-1 reads the values of thepassword PW and cipher number written to the verifying table 21100-2,and selects cipher function Ei and reads the password PW. Next, thecipher parameter RP is RP2=Ei(PW, TR) TR, so the time random numberwhich is to the latter half of the RP2 is used to calculate t=Ei(PW,TR). In the event that the value of this temporary variable t calculatedhere matches the first half Ei(PW, T) of the received RP2, confirmationcan be made that the password PW entered into the terminal 21200-1 iscorrect. The time function TR includes the year/month/day (i.e.,TR=yy-mm-dd-sssss), so unauthorized access can be discovered in the casethat the received year/month/day does not match that time of processing.

Next, the verifying server 21100-1 reports the following items writtenin the verifying table 21100-2 to the connection server 21028-1(procedure T80): completion of roaming registration, billing class, andverifying server calling information (procedure T80). In the presentembodiment, the billing class is MNY=1, and the verifying server callinginformation is the ICS network address “7981” of the verifying server21100-1, port number “710” and administration number “1” of theverifying administration table. The connection server 21028-1 presentsthe domain name “c1.b1.a1.” to the domain name server, requests the ICSuser address and the ICS network address associated with the domain name(procedure T90), and obtains the ICS user address “1200” and the ICSnetwork address “8115” (procedure T110). In the same way, the connectionserver presents the domain name “c2.b2.a2.” to the domain name server,requests the ICS user address and the ICS network address associatedwith the domain name (procedure T110), and obtains the ICS user address“2500” and the ICS network address “8200” (procedure T120).

Next, the connection server 21028-1 informs the conversion table server21026-1 of the following (procedure T130): the ICS network address“7800” of the ICS logic terminal which has input the ICS user packet(held in procedure T60); the ICS user address “1200”, ICS user address“2500”, and ICS network address “8200”, just obtained from the domainname server; and also the completion of roaming registration, billingclass, and verifying server calling information received from theverifying server 21100-1.

The conversion table server 21026-1 writes the four address to theconversion table 21023-1 as received. The value of the requestidentification is “10”, meaning inter-corporation communication byroaming. In the event that the billing class is MNY=1, the ICS networkaddress “8115” and the ICS user address “1200” just obtained from thedomain name server are forwarded to the billing notification destinationof the conversion table 21023-1. Also, in the event that the billingclass is MNY=2, verifying server calling information is forwarded to thebilling notification destination of the conversion table 21013-1.Further, “5” which specifies the roaming connection period in days isalso written to the conversion table 21013-1. When the writing to theconversion table 21023-1 is completed, the conversion table server21026-1 reports the results to the connection server 21028-1 (procedureT140). This completion report is sent via the access control apparatus21020-1 (procedure T150) to the roaming terminal 21200-1 with the ICSuser packet PK03 (procedure T160).

Now, the ICS user packet PK03 includes the ICS user address “1200”associated with the domain name “c1.b1.a1.” of the roaming terminal21200-1, and the CS user address “2500” associated with the domain name“c2.b2.a2.” of the other party of communication. The corporationoperating the access control apparatus can charge the owner of theroaming terminal 21200-1 for the above usage of the connection server21028-1, i.e., the procedures for receiving the ICS user packet PK02 upto returning the ICS user packet PK03, and “5” which specifies theroaming connection period in days.

<<Using the Roaming Terminal>>

The roaming terminal 21200-1 can use the conversion table 21023-1created following the above-described procedures, to performinter-corporation communication (procedures T170 through T220). In theevent that “5” which specifies the roaming connection period in dayselapses, the conversion table server 21026-1 can delete the aboveroaming connection written in the inside of conversion table 21023-1.

<<Notification of Billing>>

The access control apparatus 21020-1 notifies the billing notificationdestination registered in the conversion table 21023-1 of thecommunication charges (procedure T300 or T310).

<<Method for Accessing the Verifying Server>>

On the above description, detailed description will be made regardingthe method for judging whether or not the verification request containedin the ICS network packet PK02 generated by the roaming terminal 21200-1due to the connection server 21028-1 presenting the domain name“c1.b1.a1.” to a plurality of verifying servers including verifyingserver 21100-1 is correct, i.e., whether or not the domain name“c1.b1.a1.” of the roaming terminal 21200-1 is registered with theverifying server.

An example of 4-layer hierarchy will be described with reference to FIG.128. A domain name “root” is provided on Level 1 of the tree, and domainnames “a1”, “a2”, “a3” . . . and so forth exist on Level 2 below, domainnames “b1”, “b2”, “b3”, and so forth exist on Level 3 below “a1” forexample, and domain names “c1”, “c2”, “c3” . . . and so forth exist onLevel 4 below “b1” for example.

FIG. 129 illustrates the internal table 21102-2 of the verifying server21102-1 handling the domain “root”, indicating, e.g., that the ICSnetwork address of the domain name server 21101-1 which handles thedomain name “a1” below the domain name “root” is “7971”, and the portnumber is “710”. Also, FIG. 130 illustrates the internal table 21101-2of the verifying server 21101-1 handling the domain “a1”, indicating,e.g., that the ICS network address of the domain name server 21100-1which handles the domain name “b1” below the domain name “a1” is “7981”,and the port number is “710”.

FIG. 131 illustrates the internal table 21100-2 of the verifying server21100-1 handling the domain “b1”, indicating, e.g., that the domain name“c1” below the domain name “b1” shows “YES” in the endpoint in theinternal table 21100-2, meaning that there are no more domain namesbelow, and that in this example, the domain name “c1.b1.a1” has beenregistered with the verifying server, and facts such that the passwordPW is “224691”, that the date of expiration is “98-12-31”, etc., arerecorded therein.

<<Calling Verifying Server>>

With reference to FIG. 132, description will be made regarding theprocedures in which the connection server 21028-1 calls the verifyingserver 21100-1 using the domain name “c1.b1.a1.”, and checks whether ornot the domain name “c1.b1.a1.” has been registered in the verifyingserver. Now, the connection server 21028-1 has therein the ICS networkaddress of the verifying server handling the domain “root” on Level 1shown in FIG. 128. Also, in the event that there is a great deal ofcommunication with the verifying servers which handle the Level 2 andLevel 3 domains, the ICS network addresses of the verifying serversthereof are held therein.

The connection server 21028-1 enters the domain name “c1.b1.a1.” in theinternal resolver 21029-1. The resolver 21029-1 sends the ICS frame21335-1 including “a1” under the domain name “root” and the cipherparameter RP2 to the verifying server 21102-1, and an ICS packet 21336-1including an ICS network address “7971” of the ICS domain name serverfor “a1” is returned. Next, the resolver 21029-1 sends an ICS packet21345-1 including “b1” to the verifying server 21101-1, and an ICSpacket 21346-1 including an ICS network address “7981” of the verifyingserver for “b1” is returned. Next, the resolver 21029-1 sends an ICSpacket 21355-1 including “c1” to the verifying server 21100-1, andregarding the domain name “c1”, the space for the endpoint of 21100-1 is“Yes” this time, so it can be judged that verification information hasbeen registered. In this way, “root”, “a1” and “b1” have been followedin order, so it can be understood that the verification information forthe reversed domain name “c1.b1.a1.” is registered in the internal table21100-2.

The verifying server 21100-1 checks the received cipher parameter RP,and checks that the expiration date “98-12-31” has not expired. Next,the verifying server 21100-1 reads the password PW and the value of thecipher number written in the verifying table, and selects cipherfunction Ei. The cipher parameter RP is RR2=Ei(PW, TR) 11 TR, so thetime random number TR to the latter half of RP2 is used to calculatet=Ei(PW, TR). In the event that the value of this temporary variable tcalculated here matches the first half Ei(PW, TR) of the received RP2,confirmation can be made that the password PW entered into the terminal21200-1 is correct. The above results are reported to the connectionserver 21028-1. Consequently, the connection server 21028-1 can know theverification results (authorized or denied) and the billing class MNY.

<<Other Embodiment of Roaming without a Home IP Terminal>>

In the above embodiment, in the event that the ICS receptionist does notset a home IP terminal, the earlier-described “Registration proceduresfrom home IP terminal” are performed via the user service server21250-1. In this case, the billing record “120” within the verifyingtable 21100-2 within the verifying server 21100-1, and the information“7981-710-1” of the verifying server presented to the billingnotification destination within the conversion table 21023-1, are used.

<<Another Embodiment of Roaming Wherein the Verifying Server is Includedin the Domain Name Server>>

The structure of the domain name tree shown in FIG. 128 that is theobject of verifying server 21110-1 is the same as the domain name treesthat are the object of domain name servers in other embodiments.Accordingly, each domain server is capable of storing the data of theverifying server described in the present embodiment, and include thefunction of a verifying server. That is, this other method of carryingout roaming is realized by integrating the verifying server described inthe present embodiment with the domain name server described in otherembodiments.

<<Access Control Apparatus and IP Terminal Connecting with WirelessTransceiver>>

A wireless transceiver 21620-1 is provided within the ICS 21000-1, andthe wireless transceiver 21620-1 and a wireless transceiver 21640-1 canexchange information one with another via a wireless communication path21625-1. The terminal 21630-1 includes the wireless transceiver 21640-1,and as with the case of the earlier-described IP terminal 21200-1, theterminal 21200-2 has functions for inter-corporation communication usingan ICS domain name. There is an information communication path 21620-1between the access control apparatus 21020-1 and the wirelesstransceiver 21620-1. The information communication path 21610-1 is likethe ICS user logic communication line in that it has functions forsending and receiving ICS user packet, and these are different in thatthe information communication path 21610-1 is within the ICS 21000-1.The wireless transceiver 21620-1 and the wireless transceiver 21640-1both have functions for receiving the ICS user packet, converting theinformation within the ICS user packet into ICS user packet informationin waveform format and transmitting them, and also reverse function,i.e., receiving ICS user packet information in waveform format andreverse-converting into ICS packet format and transmitting these.Accordingly, the ICS user packet sent out from the IP terminal 21200-2passes through the wireless transceiver 21640-1, wireless communicationpath 21625-1, wireless transceiver 21620-1, and informationcommunication path 21610-1, and is provided to the access controlapparatus. Also, an ICS packet sent out in the reverse direction, i.e.,sent from the access control apparatus 21020-1 passes through theinformation communication path 21610-1, the wireless transceiver21620-1, the wireless communication path 21625-2, the wirelesstransceiver 21640-1, and is delivered to the IP terminal 21200-2.

Embodiment-19 Closed-Zone Network Communication Using NetworkIdentifier, and Open-Zone Communication

A method for using a network identifier to restrict virtual dedicatedline service, intra-corporation communication service andinter-corporation communication service to within the closed-zone, and amethod for non-specifying the closed-zone specification of the networkidentifier, i.e., specifying open-zone, will be described. Here, thenetwork identifier is appropriated corresponding with the ICS useraddress.

<<Configuration>>

As shown in FIGS. 133 to 136, an ICS 22000-1 includes access controlapparatuses 22010-1, 22020-1, 22030-1 and 22040-1, and the accesscontrol apparatus 22010-1 includes a line portion 22011-1, a processingdevice 22012-1 and a conversion table 22013-1, the access controlapparatus 22020-1 includes a line portion 22021-1, a processing device22022-1 and a conversion table 22023-1, the access control apparatus22030-1 includes a line portion 22031-1, a processing device 22032-1 anda conversion table 22033-1, the access control apparatus 22040-1includes a line portion 22041-1, a processing device 22042-1 and aconversion table 22043-1, and blocks 22060-1, 22061-1, 22062-1, 22063-1and 22064-1 are each relay devices, and are interconnected and alsoconnected to one of the access control apparatuses, via the ICS networkcommunication line. Blocks 22101-1, 22102-1, 22103-1, 22104-1, 22105-1,22106-1, 22107-1, 22108-1, 22109-1, 22110-1, 22111-1 and 22112-1 areeach corporation LANs, and are each connected to the line portions ofone of the access control apparatuses via the respective gateways andthe ICS user logic communication line. Here, a block 22120-1 is agateway for LAN 22101-1, a block 22121-1 is an ICS user logiccommunications line, and the other gateways and ICS user logiccommunication lines are also in similar positions, as shown in FIGS. 133through 136.

Each LAN has 2 to 3 IP terminals having function for sending an IP userpacket, wherein the ICS user addresses are: for within LAN 22101-1,“1500” and “1510”; for within LAN 22102-1, “5200”, “5210”, and “5250”;for within LAN 22103-1, “1900” and “1910”; for within LAN 22104-1,“1100” and “1110”; for within LAN 22105-1, “4200” and “4210”; for withinLAN 22106-1, “1800” and “1810”; for within LAN 22107-1, “1920” and“1930”; for within LAN 22108-1, “5410” and “5420”; for within LAN22109-1, “1430” and “1440”; for within LAN 22110-1, “6500” and “1960”;for within LAN 22111-1, “1820” and “1830”; and for within LAN 22112-1,“4410” and “1420”.

In the above description, values “1000” through “1999” for the ICS useraddress indicate the ICS user addresses for the intra-corporationcommunication, values “2000” through “6999” for the ICS user addressindicate the ICS user addresses for the inter-corporation communication,and values “7000” through “9999” for the ICS network address indicatethe ICS network addresses. The ICS network server uses the ICS useraddress range (“1000” through “1999”) when performing theintra-corporation communication, and the ICS user address range (“2000”through “6999”) when performing the inter-corporation communication.Also, the ICS user addresses used for the intra-corporationcommunication can also be used for the inter-corporation communication.

<<Conversion Table Line and Network Identifier>>

Description will be made regarding “lines” in the conversion table. Forexample, in conversion table 22013-1, the example is that wherein: inthe first line, the value of request identification is “1”, the value oftransmitting ICS network address is “8100”, the value of sender ICS useraddress (intra-corporation) is “1500”, sender ICS user address(inter-corporation) is blank, the value of receiver ICS user address is“1100”, the value of receiving ICS network address is “7100”, the valueof the network identifier is “A001”, and other items are unfilled. Here,a blank space may mean “Null”. The “line” in the conversion table isalso referred to as a “record” of the conversion table. The networkidentifier is a symbol provided for sectoring off a section of the ICSnetwork and making that portion a net, and distinguishing the net, andmay be a numeral or a code. The network identifiers are provided perline in the conversion table. Incidentally, in the event that thenetwork is not to be a closed-zone network, this is indicated in eachline in the conversion table with “Open”, as shown in conversion table22033-1.

The operation will be described with reference to the flowcharts inFIGS. 141 and 142.

<<Closed-Zone/Intra-Corporation Communication>>

An ICS user frame S01 is sent out from an IP terminal having an address“1100” within the LAN 22104-1, and reaches the access control apparatus22020-1 via the ICS user logic communication line. At the time ofreceiving the ICS user packet S01 from the ICS logic terminal with theaddress “7100” of the line portion 22021-1, the access control apparatus22020-1 obtains the transmitting ICS network address “7100”, and furtherobtains the sender ICS user address “1100” and the receiver ICS useraddress “1500” from the ICS user packet S01 (Step SP100), and checkswhether the transmitting ICS network address “7100” is registered on theconversion table 22023-1 with the request identification as “3” (StepSP110). In this case, it is not registered, so next the access controlapparatus 22020-1 checks whether or not there is a record in theconversion table 22023-1 that contains all of the ICS network address“7100”, the sender ICS user address “1100”, and the receiver ICS useraddress “1500”, these having been obtained as described above (StepSP120). In this case, the existence of such is confirmed (Step SP130),and next, the sender ICS user address (intra-corporation) of this recordalone is recorded as “1100”, confirmation is made that the space for thesender ICS user address (inter-corporation) is blank, following whichreceiving ICS network address “8100” is obtained (Step SP160).

Next, an ICS encapsulation is performed using the transmitting ICSnetwork address “7100” thus obtained and the receiving ICS networkaddress “8100” (Step SP180), and the ICS network packet T01 thusobtained is sent out onto the ICS network communication line (StepSP190). The ICS network packet T01 passes through the relay devices22062-1, 22061-1 and 22060-1, and reaches the access control apparatus22010-1. The access control apparatus 22010-1, upon receiving the ICSnetwork packet T01 (Step ST100), confirms that the receiving ICS networkaddress “8100” written within the network control field (ICS capsule) ofthe ICS network packet T01 is registered as the transmitting ICS networkaddress “8100” within the conversion table 22013-1 (Step ST110), andthen performs the ICS reverse encapsulation (Step ST120), and sends theobtained ICS user packet S01 to the ICS logic communication line 12121-1connected to the address “8100” within the line portion 22011-1 (StepST130). Incidentally, in the event that the receiving ICS networkaddress “8100” is not registered within the conversion table 22013-1,the ICS network packet T01 is discarded (Step ST115).

<<Closed-Zone/Intra-Corporation Communication/Access to Network Server>>

An ICS user packet S02 is sent out from an IP terminal having an address“1100” within the LAN 22104-1. At the time of receiving the ICS userpacket S02 from the ICS logic terminal with the address “7100” of theline portion 22021-1, the access control apparatus 22020-1 obtains thetransmitting ICS network address “7100”, and further obtains the senderICS user address “1100” and the receiver ICS user address “6100” fromthe ICS user packet S02 (Step SP100), and checks whether the ICS networkaddress “7100” is registered on the conversion table 22023-1 with therequest identification as “3” (Step SP110). In this case, it is notregistered, so next the access control apparatus 22020-1 checks whetheror not there is a record in the conversion table 22023-1 that containsall of the ICS network address “7100”, the sender ICS user address“1100” and the receiver ICS user address “6100”, these having beenobtained as described above (Step SP120). In this case, thenon-existence of such is confirmed (Step SP130)

Next, search is made for a record identical to the above receiver ICSuser address “6100” from one or more records in the conversion tablewith a network identifier the same as the network identifier “A001”having the request identification value “4” in the conversion table22023-1 with the afore-mentioned ICS network address of “7100” and thesender ICS user address of “1100” (in this case, the third record fromthe top in the conversion table 22023-1), and the receiving networkaddress “9100” written to the record is found (Step SP170). Next, theICS encapsulation is performed using the transmitting ICS networkaddress “7100” and the receiving ICS network address “9100” thusobtained (Step SP180), and the ICS network frame T02 thus obtained issent out onto the network communication line (Step SP190). The ICSnetwork packet T02 passes through the relay devices 22062-1 and 22061-1,and reaches the ICS network server 22081-1. The same is true for the ICSuser packet S03 sent out from the IP terminal having the address “1110”within the LAN 22104-1, the network identifier is “A002”, and isICS-encapsulated to become the ICS network packet T03, and passesthrough the relay devices 22062-1 and 22061-1, and reaches the ICSnetwork server 22082-1.

<<Closed-Zone/Inter-Corporation Communication>>

An ICS user packet S04 is sent out from an IP terminal having an address“4200” within the LAN 22105-1. At the time of receiving the ICS userframe S04 from the ICS logic terminal with the address “7200” of theline portion 22021-1, the access control apparatus 22020-1 obtains thetransmitting ICS network address “7200”, and further obtains the senderICS user address “4200” and the receiver ICS user address “5200” fromthe ICS user packet S04 (Step SP100), and checks whether the address“7200” is registered on the conversion table 22023-1 with the requestidentification as “3” (Step SP110). In this case, it is not registered,so next the access control apparatus 22020-1 checks whether or not thereis a record in the conversion table 22023-1 that contains all of thetransmitting ICS network address “7200”, the sender ICS user address“4200” and the receiver ICS user address “5200”, these having beenobtained as described above (Step SP120). In this case, the existence ofsuch is confirmed (Step SP130), and next, the sender ICS user address(intra-corporation) of this record is blank, confirmation is made thatthe sender ICS user address (inter-corporation) alone is recorded as“4200” (Step SP160).

Next, the ICS encapsulation is performed using the transmitting ICSnetwork address “7200” thus obtained and the receiving ICS networkaddress “8200” (Step SP180), and the ICS network packet T04 thusobtained is sent out onto the network communication line (Step SP190).The ICS network packet T04 passes through the relay devices 22062-1,22061-1 and 22060-1, and reaches the access control apparatus 22010-1.The access control apparatus 22010-1, upon receiving the ICS networkpacke T04 (Step ST100), confirms that the receiving ICS network address“8200” written within the network control field (ICS encapsule) of theICS network frame T04 is registered as the transmitting ICS networkaddress “8200” within the conversion table 22013-1 (Step ST110), andthen performs the ICS reverse encapsulation (Step ST120), and sends theobtained ICS user packet S04 to the ICS logic communication lineconnected to the address “8200” (Step ST130).

<<Closed-Zone/Inter-Corporation Communication/Access to Network Server>>

An ICS user packet S05 is sent out from an IP terminal having an address“4200” within the LAN 22105-1. At the time of receiving the ICS userpacket S05 from the ICS logic terminal with the address “7200” of theline portion 22021-1, the access control apparatus 22020-1 obtains thetransmitting ICS network address “7200”, and further obtains the senderICS user address “4200” and the receiver ICS user address “6200” fromthe ICS user packet S05 (Step SP100), and checks whether the ICS networkaddress “7200” is registered on the conversion table 22023-1 with therequest identification as “3” (Step SP110). In this case, it is notregistered, so next the access control apparatus 22020-1 checks whetheror not there is a record in the conversion table 22023-1 that containsall of the transmitting ICS network address “7200”, the sender ICS useraddress “4200” and the receiver ICS user address “6200”, these havingbeen obtained as described above (Step SP120). In this case, thenon-existence of such is confirmed (Step SP130), and next, search ismade for a record identical to the above receiver ICS user address“6100” from one or more records in the conversion table with a networkidentifier the same as the network identifier “B001” having the requestidentification value “4” (ICS network server specification) in theconversion table 22023-1 with the aforementioned receiver ICS networkaddress of “7200” and the sender ICS user address of “4200” (in thiscase, the seventh record from the top in the conversion table 22023-1),and the receiving network address “9200” written to the record is found(Step SP170).

Next, the ICS encapsulation is performed using the transmitting ICSnetwork address “7200” and the receiving ICS network address “9200” thusobtained (Step SP180), and the ICS network packet T05 thus obtained issent out onto the ICS network communication line (Step SP190). The ICSnetwork packet T05 passes through the relay device 22062-1 and reachesthe ICS network server 22083-1. The same is true for the ICS user packetS06 sent out from the IP terminal having the address “4210” within theLAN 22105-1, the network identifier is “B002”, and is ICS-encapsulatedto become the ICS network frame T06, and passes through the relay device22062-1 and reaches the ICS network server 22084-1.

<<Communication from Network Server within ICS to Network Server Outsideof ICS>>

The IP terminal 22092-1 within the LAN 22102-1 is an “ICS externalserver”, comprised of an IP terminal placed outside the ICS 22000-1 andso forth. The ICS external server 22092-1 has an ICS user address“5250”, and is registered in the conversion table 22013-1 (ninth recordfrom the top in the in the conversion table 22013-1). However, thereceiver ICS user address and the receiving ICS network address spacesare blank, and are registered as being “Null”. At the time that the ICSinternal server 22084-1 sends out an ICS network packet T22, the ICSnetwork packet T22 passes through the relay devices 22062-1, 22061-1 and22060-1, and reaches the access control apparatus 22010-1 (Step SP100),confirmation is made that the transmitting IC network address is notregistered within the conversion table 22013-1 as “8200”, the ICSreverse encapsulation is performed (Step SP120) in order to form the ICSuser packet S22, which is sent toward the ICS external server 22092-1(Step SP130). For reverse direction communication, the ICS encapsulationis performed using the conversion table 22013-1, and delivery is made tothe ICS internal server 22084-1.

<<Closed-Zone/Virtual Dedicated Line>>

An ICS user packet S07 is sent out from an IP terminal having an address“1800” within the LAN 22106-1. At the time of receiving the ICS userpacket S07 from the ICS logic terminal with the address “7300” of theline portion 22021-1, the access control apparatus 22020-1 obtains thetransmitting ICS network address “7300”, and further obtains the senderICS user address “1800” and the receiver ICS user address “1900” fromthe ICS user packet S07 (Step SP100), and checks whether the ICS networkaddress “7300” is registered on the conversion table 22023-1 with therequest identification as “3”, i.e., as a virtual dedicated lineconnection (Step SP110). In this case, it is registered. Next the accesscontrol apparatus 22020-1 checks whether or not there is a record in theconversion table 22023-1 that contains the transmitting ICS networkaddress “7300” and the receiver ICS user address “1900”, these havingbeen obtained as described above (Step SP140). In this case, such doesnot exist, so the receiver ICS network address “8300” of the recordwherein the receiver ICS user address space is blank (or “Null”) withthe ICS network address “7300” in the conversion table 22023-1 is found(Step SP145), the ICS encapsulation is performed using the transmittingICS network address “7300” thus obtained and the receiving ICS networkaddress “8300” (Step SP180), and the ICS network packe T07 thus obtainedis sent out onto the network communication line (Step SP190). The ICSnetwork packet T07 passes through the relay devices 22062-1, 22061-1 and22060-1, and reaches the access control apparatus 22010-1. The accesscontrol apparatus 22010-1, upon receiving the ICS network packet T07(Step ST100), confirms that the receiving ICS network address “8300”written within the network control field (ICS capsule) of the ICSnetwork packet T07 is registered as the transmitting ICS network address“8300” within the conversion table 22013-1 (Step ST110), and thenperforms the ICS reverse encapsulation (Step ST120), and sends theobtained ICS user packet S07 to the ICS logic communication line 12121-1connected to the address “8300” within the line portion 22011-1 (StepST130).

This is the same for ICS user packet S09 sent out from the IP terminalhaving the ICS user address “1820” within the LAN 22111-1, the networkidentifier is “C002”, the ICS encapsulation is performed and transferredthrough the ICS 22000-1, the ICS reverse encapsulation is performed atthe access control apparatus 22030 to form an ICS user packet S09, whichreaches the IP terminal having the ICS user address “1920” within theLAN 22107-1.

<<Closed-Zone/Virtual Dedicated Line/Access to Network Server>>

An ICS user packet S08 is sent out from an IP terminal having an address“1810” within the LAN 22106-1. At the time of receiving the ICS userpacket S08 from the ICS logic terminal with the address “7300” of theline portion 22021-1, the access control apparatus 22020-1 obtains theICS network address “7300”, and further obtains the sender ICS useraddress “1810” and the receiver ICS user address “6300” from thetransmitting ICS user packet S08 (Step SP100), and checks whether “7300”is registered on the conversion table 22023-1 with the requestidentification as “3” (virtual dedicated line) (Step SP110). In thiscase, it is registered. Next the access control apparatus 22020-1 checkswhether or not there is a record in the conversion table 22023-1 thatcontains the transmitting ICS network address “7300” and the receiverICS user address “6300”, these having been obtained as described above(Step SP140). In this case, such does exist, and the receiving networkaddress “9300” written to the record is found (Step SP145). Next, theICS encapsulation is performed using the transmitting ICS networkaddress “7300” and the receiving ICS network address “9300” thusobtained (Step SP180), the transmitting ICS network address “7300” thusobtained and the receiving ICS network are used to perform the ICSencapsulation (Step SP180), and the ICS network packet T08 thus obtainedis sent out onto the ICS network communication line (Step SP190). TheICS network packet T08 passes through the relay devices 22062-1 and22064-1, and reaches the ICS network server 22087-1.

The same is true for the ICS user packet S10 sent out from the IPterminal having the address “1830” within the LAN 22111-1, the networkidentifier is “C002”, and is ICS-encapsulated to become the ICS networkpacket T10, and passes through the relay device 22064-1 and reaches theICS network server 22089-1.

<<Open-Zone/Inter-Corporation Communication>>

Open-zone/inter-corporation communication is almost the same as theaforementioned closed-zone/inter-corporation communication; thedifference is that checking has been added for registration of both thesender ICS user address (intra-corporation) and the sender ICS useraddress (inter-corporation) in searching the records in conversiontables 22013-1 and 22043-1, as described below.

An ICS user packet S13 is sent out from an IP terminal having a useraddress “1420” within the LAN 22112-1. At the time of receiving the ICSuser packet S13 from the ICS logic terminal with the address “7405” ofthe line portion 22041-1, the access control apparatus 22040-1 obtainsthe transmitting ICS network address “7405”, and further obtains thesender ICS user address “1420” and the receiver ICS user address “5420”from the ICS user packet S13 (Step SP100), and checks whether the ICSnetwork address “7405” is registered on the conversion table 22023-1with the request identification as “3” (Step SP110). In this case, it isnot registered, so next the access control apparatus 22040-1 checkswhether or not there is a record in the conversion table 22043-1 thatcontains all of the transmitting ICS network address “7405”, the senderICS network address “1420” and receiver ICS user address “5420”, thesehaving been obtained as described above (Step SP120), the existence ofsuch is confirmed (Step SP130), and next, a record is found recorded inthe conversion table 22043-1 wherein the sender ICS user address(intra-corporation) is “1420” and the sender ICS user address(inter-corporation) is “5420” (in this case, the fifth record from thetop on conversion table 22043-1). Next, the received sender ICS useraddress (intra-corporation) “1420” is re-written to a inter-corporationaddress “4420”, and the receiving ICS network address “8400” registeredto this record is obtained (Step SP160). Next, the ICS encapsulation isperformed using the transmitting ICS network address “7405” and thereceiving ICS network address “8400” thus obtained (Step SP180), and theICS network packet thus obtained is sent out onto the ICS networkcommunication line (Step SP190). The ICS network packet passes throughthe relay devices 22064-1 and 22063-1, and reaches the access controlapparatus 22030-1. The access control apparatus 22030-1, upon receivingthe ICS network packet (Step ST100), confirms that the receiving ICSnetwork address “8400” written within the network control field (ICScapsule) of the ICS network packet is registered as the transmitting ICSnetwork address “8400” within the conversion table 22033-1 (Step ST110), and then performs the ICS reverse encapsulation (Step ST120), andsends the obtained ICS user packet S130 to the ICS logic communicationline connected to the address “8400” (Step ST130).

An ICS user packet S11 sent out from an IP terminal having an ICS useraddress “4410” within the LAN 22112-1 is ICS-encapsulated by the accesscontrol apparatus 22040-1 by the same procedures as described above withregard to closed-zone/inter-corporation communication, transferredthrough the ICS 22000-1, reversely ICS-encapsulated in the accesscontrol apparatus 22030-1, and delivered to an IP terminal having an ICSuser address “5410” within the LAN 22108-1. As another example, an ICSuser packet S12 sent out from an IP terminal having an ICS user address“4410” within the LAN 22112-1 is ICS-encapsulated by the access controlapparatus 22040-1 by the same procedures as described above, transferredthrough the ICS 22000-1, delivered to the access control apparatus22030-1, and at the time of the ICS reverse encapsulation, reference tothe record in conversion table 22033-1 (in this case, the fifth recordfrom the top on the conversion table) reveals that the address “5430”written within the ICS user packet S12 is an ICS user address(inter-corporation), the address value “5430” is re-written to an ICSuser address (intra-corporation) “1430” (Step ST120), an ICS user packetS120 is generated, and delivered to the IP terminal having the ICS useraddress “1430” within the LAN 22109-1. As another example, an ICS userpacket S14 sent out from an IP terminal having an ICS user address“1420” within the LAN 22112-1 has a sender ICS user address “1420” and areceiver ICS user address “5440”, is transferred through the ICS 22000-1and is delivered to the IP terminal within the LAN 22109 with an ICSuser address of “1440” and a sender ICS user address “4420”, having beenconverted to an ICS user packet S140 with a receiver ICS user address“1440”.

<<Open-Zone/Inter-Corporation Communication/Access to Network Server>>

ICS user packets S15 and S16 sent out from within the LAN 22112-1 aredelivered to the ICS network server 22085-1 that is the destination ofeach, following the same procedures as that described above.

<<Communication from Network Server within ICS to Network Server Outsideof ICS>>

A block 22086-1 is an ICS network server is an within the ICS 22000-1,and is an “ICS external server”, comprised of a database placed outsidethe ICS 22000-1, and so forth. The ICS external servers 22090-1 and22091 have ICS user addresses “6500” and “1960”, and are registered inthe conversion table 22033-1 (in this case, the eighth and ninth recordsfrom the top in the in the conversion table 22033-1). However, thereceiver ICS user address and the receiving ICS network address spacesare blank, and are registered as being “Null”. The ICS external server22091-1 has sender ICS user address (intra-corporation) “1960”, andfurther, is provided with a sender ICS user address (inter-corporation)“6960”. Also, the ICS internal server 22086-1 has ICS user address“6600”, ICS network address “9500”, these being registered in theconversion table 22033-1 (in this case, the tenth record from the top inthe in the conversion table 22033-1).

At the time that the ICS internal server 22086-1 sends out the ICSnetwork packet T20, the ICS network packet T20 passes through the relaydevices 22063-1 and reaches the access control apparatus 22030-1, theICS reverse encapsulation is performed using the conversion table22033-1 in order to form the ICS user packet S20, which is delivered tothe ICS external server 22090-1. For reverse direction communication,the ICS reverse encapsulation is performed in the access controlapparatus 22030-1 to form the ICS user packet S21, and delivery is madeto the ICS external server 22086-1. Summarizing the above, an ICSexternal server is placed outside of the ICS 22000-1, and communicationbetween internal servers within the ICS 22000-1 and external serversoutside the ICS 22000 is enabled.

An arrangement may be used wherein all or a plurality of records in theconversion table 22013-1 within the access control apparatus 22013-1 areselected as necessary, stored within a conversion table record file22014-1, and extracting as necessary for performing the ICSencapsulation and the ICS reverse encapsulation. This also is true forthe conversion table 22020-1 within the access control apparatus 22023-1and so forth. In the access control apparatus, the portion of theconversion table 21033-1 in which specification of the networkidentifier is that for open-zone connection (“Open”) is usually not heldwithin the access control apparatus, and instead an arrangement may beused in which address information to be registered to the conversiontable is obtained from the domain name server 22095-1 and temporarilyused as a conversion table 22030-1. Also, the network server 22081-1 forclosed-zone/intra-corporation communication may be used as a domain nameserver for closed-zone/intra-corporation communication which can becommanded by the network identifier “A001”. Incidentally, thehierarchical structure of the domain name in the example is shown to bea single-layer structure specifying, e.g., domain name “a1”, but thismay be made to be 2- or 3-layer hierarchy such as “b1.a1.” or“c1.b1.a1.”. Further, the network server 22083-1 forclosed-zone/inter-corporation communication may be used as a domain nameserver for closed-zone/inter-corporation communication which can becommanded by the network identifier “B001”. The network server 22087-1for closed-zone/virtual dedicated line may be used as a domain nameserver for closed-zone/virtual dedicated line which can be commanded bythe network identifier “C001”. Incidentally, in the present embodiment,the hierarchical structure of the domain name in the example is shown tobe a single-layer structure specifying, e.g., domain name “a1”, but thismay be made to be 2- or 3-layer hierarchy such as “b1.a1.” or“c1.b1.a1.”.

Embodiment-20 IP Terminal Capable of Connecting to Plural Access ControlApparatuses with Identifiers

The present embodiment does not fix the IP terminal having the functionsfor sending and receiving ICS user IP packet to a specific accesscontrol device; rather, it realizing usage of an IP terminal which canbe moved and connected to other access control apparatuses and used,i.e., capable of roaming, using identifiers. Roaming is realized basedon the ICS domain name provided to the IP terminal.

<<Password Transmission Technique Using Cipher>>

The present embodiment includes procedures for ciphering a secretpassword PW and sending this from the sender (ciphering side) to thereceiver (decoding side). First, the ciphering function Ei and thedecoding function Di will be described. The ciphering function Ei isrepresented by y=Ei(k1, x), and the decoding function Di is representedby x=Di(k2, y). Here, y denotes the ciphertext, x denotes plain-text, k1and k2 are keys, and “i” represents cipher numbers (i=1, 2, . . . )determining the secret key code and public key code, including how thevalue of the cipher key is to be used. In the above, an arrangement maybe used wherein plain-text x′ is ciphered instead of the plain-text xwith x′=x∥r (wherein r is a random number), and discarding the randomnumber r from the plain-text x′ upon decoding, thus obtaining theplain-text x. Such an arrangement generates a different ciphertext eachtime the same plain-text is ciphered, owing to the random number, and itis said that such is less susceptible to cipher cracking.

(Example of cipher number i=1)

<<Preparation>>

The sender m discloses the domain name thereof (DNm) to the publicincluding the receiver. The receiver calculates Km=Hash-1 (DNm) usingthe secret data compression function Hash-1, and hands over only thecipher key Km using a safe method so as to be unnoticed by a thirdparty. This example is an example of using DES ciphering, and the senderholds an “ciphering module DES-e” for realizing the ciphering functionEi, and a cipher key Km. The cipher key Km is a secret value which thesender and receiver share. The receiver has the “ciphering module DES-d”for realizing the decoding function Di and the data compression functionHash-1. What is used for the data compression function Hash-1 isdetermined separately for each cipher number. A data compressionfunction is also referred to as a “hash function”.

<<Ciphering by Sender>>

The sender sets the secret password PW as x=PW, and ciphers asy=DES-e(Km,x) with the ciphering module DES-e and the cipher key Kmbeing held, thereby sending the ciphertext and domain name DNm.

<<Decoding by Receiver>>

The receiver receives the ciphertext y and the domain name DNm,calculates the secret cipher key Km as Km=Hash-1(DNm) using thereceiver's secret data compression function Hash-1, and the obtains theplain-text x as x=DES-d(Km,y) using the decoding module. The plain-textx is password PW, and the receiver can obtain the secret password PW. Athird party does not know the data compression function Hash-1 and thuscannot calculate the cipher key Km, and accordingly, cannot calculatethe secret password PW. In the above embodiment, as stipulation of thecipher number i=3, the ciphering function and the decoding function canbe replaced with coding function and decoding function other than DEScode.

(Example of cipher number i=2)

<<Preparation>>

The present example is an example of employing RSA ciphering, whereinthe sender generates a ciphering function y=x^(e) mod n and a decodingfunction y=x^(d) mod n. Here, e (d holds, the key d being a secretvalue. The sender hands to the receiver the discloseable ciphering keyse and n, and the ciphering module RSA-e for realizing y=x^(e) mod n. Thesender holds the ciphering keys and the ciphering module RSA-e. Thesender does holds neither the secret ciphering module nor secret data.On the other hand, the receiver holds n and the secret key d and theciphering module RSA-e for realizing y=x^(e) mod n.

<<Ciphering by Sender>>

The sender ciphers the secret password PW, own domain name DNm, and timeof sending (year/month/day/hour/minute/second) as x=PW∥x1∥x2 (whereinX1: domain name DNm, and x2: year/month/day/hour/minute/second) andencodes as y=x^(e) mod n using the ciphering module RSA-e, thus sendingthe ciphertext y.

<<Decoding by Receiver>>

The receiver receives the ciphertext y and calculates y=x^(d) mod nusing the decoding module RSA-d held beforehand and the decoding key.The result is x=PW∥x1∥x2, so the data which is at a certain positionfrom the head of x is used as PW. In the above ciphering, domain name x1and year/month/day/hour/minute/second x2 are used as random numbers. Athird party does not know the secret key d and thus cannot calculate thesecret password PW. In the above embodiment, as stipulations of thecipher number i=4, the values of the cipher keys e, d and n can bechanged. Also, as stipulations of the cipher number i=5, the RSAciphering technique can be replaced with a different public keyciphering technique.

<<Terminal Verification Technique Using Password and Random Number>>

Description will be made regarding verification technique fordetermining whether or not the password PW used by a roaming terminalagrees with the password registered in the verifying server. Asprerequisite conditions, the verifying server of the verifying entityand the terminal of the user to receive verification have a password PWthat is secret to a third party, with a ciphering function E (whereiny=E(k,x), y represents ciphertext, k represents ciphering key, and xrepresents plain-text). Specific procedures for terminal verificationwill now be described. The terminal of the user to receive verificationdecides upon a random number R using appropriate means, calculatesY1=F(PW, R) using the password PW and the function y=F(PW, R) and sendsboth the random number R and Y1 to the verifying entity. The verifyingentity receives the random numbers R and Y1, and calculates Y2=F(FW, R)using the received random number R, the password PW held within, andfunction F, and checks whether or not Y1=Y2 holds. In the event thatthere is a match, the verification can be made that the owner of theterminal which is being verified is using the correct password PW, i.e.,verification of the terminal can be made. In the above technique, anarrangement in which the user to be verified cannot freely select therandom number R but rather the random number R is restricted todepending on time (called a time random number) further increasesdifficulty of a third party calculating the password. Instead of theciphering function used above, the secret data compression function Hjmay be used instead, for Y1, Y2=Hj(PW, R).

<<Overall Configuration>>

FIGS. 143 and 144 illustrate an overview of the roaming techniqueaccording to the present embodiment, wherein an ICS 21000-1 includesaccess control apparatuses 21010-1, 21020-1, 21030-1, 21040-1, 21050-1and 21060-1, relay devices 21080-1, 21081-1, 21082-1 and 21083-1,verification servers 21100-1, 21101-1, 21102-1 and 21103-1, domain nameservers 21130-1, 21131-1, 21132-1 and 21133-1, user service server21250-1 and an ICS authority server 21260-1. The access controlapparatus 21010-1 is provided with a conversion table 21013-1, aconversion table server 21016-1, a registration server 21017-1 and aconnection server 21018-1. The access control apparatus 21020-1 isprovided with a conversion table 21023-1, a conversion table server21026-1, a registration server 21027-1 and a connection server 21028-1.The connection servers 21018-1 and 21028-1 are provided with an ICS useraddress “6310”, and has the function to register access controlapparatuses determined as necessary to the IP terminal, or to connectthereto. The verifying server 21100-2 is shown in FIG. 145 and theconversion table 21023-1 is shown in FIG. 146. The conversion tableserver 21016-1 has a function for re-writing the contents of theconversion table 21013-1, and the conversion table server 21026-1 has afunction for re-writing the contents of the conversion table 21023-1,which is the same as described in other embodiments. Also, the LAN21150-1 has an IP terminal 21151-1, the LAN 21160-1 has an IP terminal21161-1, and a block 21171-1 is an IP terminal. A block 21200-1 is aportable roaming terminal, and is identified by the ICS domain name“c1.b1.a1.” provided uniquely within the ICS 21000-1.

<<Application for Use of Roaming Terminal>>

The owner of a roaming terminal 21200-1 indicates as an ICS usageapplicant 21270-1 the payment method for the roaming terminal 21200-1,and applies to the ICS authority server 21260-1 via user service server21250-1 for an ICS domain name and an ICS user address. The paymentmethod is represented by billing class “MNY”, e.g., in the event thatMNY=1, the charges are billed to the home IP (i.e., an IP terminal whichis connected to the access control apparatus in a fixed manner), in theevent that MNY=2, the charges are paid according to the record of theverifying server. The ICS authority server 21260-1 sets an ICS domainname: “c1.b1.a1.” for using the roaming terminal 21200-1, and an ICSuser address “1200”. Further, in order to be connected to the accesscontrol apparatus in a fixed manner and use it, the owner of the IPterminal 21200-1 applies for an ICS network address to the ICS authorityserver 21260-1 via the user service server 21250-1. The user serviceserver 21250-1, upon obtaining the ICS network address, makes a requestto the conversion table server 21016-1 to set the ICS network address“8115” and the ICS user address “1200” in the conversion table 21013-1.

The ICS receptionist 21271-1 embeds inside the interior 21201-1 of theroaming terminal 21200-1 the following: ICS domain name “c1.b1.a1.”, ICSuser address “1200”, special ICS address for roaming terminals (called“roaming special number”) “1000”, ICS user address “6300” forregistration server, and ICS user address “6310” for connecting server,and further embeds inside the interior 21201-1 of the roaming terminal21200-1 the ciphering function Ei and the decoding related data RP1.Now, RP1=Hj (domain∥name RP0)∥RP0 (wherein RP0=NMY∥i∥j∥NID) holds, andthe domain name is “c1.b1.a1.”. MNY is the above-described billingclass, “i” is a cipher number for the cipher Ei, and “j” determines thetype of Hash function Hj, and “NID” is a network identifier “B001”.Network identifies are named to distinguish between closed-zone networksand open-zone networks. Data compression function Hj is a secretdedicated function used only by the verifying server and the userservice server. The user does not hold the data compression function Hj,and does not even known Hj, and thus is incapable of generating cipherrelated data RP1.

<<Registration Procedures from Home IP Terminal>>

Description will be made with reference to FIG. 147. The roamingterminal user connects the roaming terminal 21200-1 to the position ofthe home IP terminal 21151-1. Next, the roaming terminal user decides ona password (PW) and enters this from the input unit 21204-1, and alsogenerates an ICS user packet PK01 using the ciphering function and thecoding-related data stored within 21202-1, and sends it to the accesscontrol apparatus 21010-1 via the ICS user logic communication line21152-1 (procedures T10). The destination of the ICS user packet PK01 is“6300” which points to the roaming registration server, and includes ownICS domain name “c1.b1.a1.”, cipher parameter PR1, ICS user address“1200”, expiration data “98-12-31”, ciphertext “y” which is the passwordthat has been ciphered, “tg” (wherein tg=1 in order to displayregistration procedures), and “Yes” or “No” for roaming connectionspecification. The generation method employed for the ciphertext “y” isthe ciphering technique described earlier. For example, in the eventthat the cipher number=2, ciphertext “y” is generated with y=x^(e) mod n(wherein x=PW∥c1.b1.a1. ∥year/month/day/hour/minute/second). The accesscontrol apparatus 21010-1 looks at the conversion table 21013-1 andtransfers the ICS user packet PK0 to the registration server 31017-1with the destination “6300” (procedure T15). The registration server21017-1 uses the domain name “c1.b1.a1.” to call the verifying server21100-1 (procedure T20). Also, the method by which the registrationserver 21017-1 calls the verifying server 21100-1 using the domain nameis the same as the method by which the connection server 21028-1 callsthe verifying server 21100-1 using the domain name, the details thereofbeing described in detail later. The verifying server 21100-1 checks thecontents of the received ICS user packet PK01, and decodes theciphertext “y” using the earlier-described technique, therebycalculating the password PW. For example, in the event that the codenumber=2, the ciphertext “y” is decoded with x=yd mod n. This yieldsx=PW∥1.b1.a1.∥year/month/day/hour/minute/second, so the password PW canbe obtained.

Next, the contents of the cipher parameter PP1 is RP1=Hj (domainname∥RP)∥RP0 (wherein RP0=MNY∥i∥j∥NID), so the verifying server 21100-1uses the secret Hash function Hj held within the verifying server21100-1 and the obtained domain name “c1.b1.a1.” to calculate t=Hj(domain name∥RP0)∥RP0), and checks whether or not t=RP1 holds for thereceived RP1. If it holds, judgment is passed that the domain name“c1.b1.a1.”, billing class MNT, cipher numbers “i” and “j”, and thenetwork identifier “NID” have not been tampered with. The verifyingserver 21100-1 checks for excessive or insufficient registrationcontents, and in the event that the contents are normal, theregistration results are registered in the verifying table 21100-2;registration is not made in the event there are insufficientregistration contents.

This is illustrated in the verifying table 21100-2 in the line with theadministration number 1, with the domain name as “c1.b1.a1.”, ciphernumber “2”, billing class (MNY) “1”, value of calculated password PW“224691”, expiration date “98-12-31”, roaming connection of “Yes”, i.e.,acceptance of a roaming connection. At the time of generating the PK01in procedure T110, the aforementioned value of tg may be set to tg=2 androaming connection set to “No”. The password will not leak to a thirdparty, due to application of the above-described ciphering method.Roaming registration is reported by passing through the registrationserver (procedure T30), then the access control apparatus 21010-1(procedure T35), and reported to the roaming IP terminal (procedureT40). Further, an ICS user packet for changing the value of the passwordPW with tg=3 or changing the date of expiration with tg=4 can be sentfrom the terminal 21200-1 via the ICS user logic communication line21152-1, after the above procedure T40 has been completed. Incidentally,a method which can be employed for changing the password involvesspecifying the prior password.

<<Sending and Receiving User IP Packet while Traveling>>

An example will be described regarding connecting a roaming terminal21200-1 to the access control apparatus 21020-1 and sending andreceiving of the user IP packet between domain name “c1.b1.a1.” of theroaming terminal 21200-1 and the other party of communication with adomain name “c2.b2.a2.” The user inputs the following from the inputunit 21204-1: the domain name “c2.b2.a2.” of other party ofcommunication, “tg” which has been set to tg=5 for specifying sendingand receiving of user IP packet, own password PW, and “5” whichspecifies the roaming connection period in days (represented by TTL).The cipher parameter RP2 is data calculated with the password PW and theinside 21202-2. That is, year/month/day/second “yy-mm-dd-sssss” isgenerated and used as a time random number TR (TR=yy-mm-dd-sssss), andthe clock of inside 21202-2 and the cipher function Ei is used tocalculate RP2=Ei(PW, TR) 11 TR.

The access control apparatus 21020-1 receives the user IP packet PK02,obtains the ICS network address “7800” provided to the ICS logicterminal, and since the request identification from the conversion tableis “4” and further the sender ICS user address written to the user IPpacket PK02 is “1000” (i.e., roaming special number), the above ICSnetwork address “7800” is held, and is delivered with the ICS userpacket PK02 to the connection server 21028-1 pointed to by the receiverICS user address “6310” (procedure T60). The ICS network address “7800”obtained in this procedure will be used after the later-describedprocess T130.

<<Function of Connection Server>>

Next, the connection server 21028-1 calls the verifying server 21100-1using the domain name “c1.b1.a1”, and transfers the domain name“c1.b1.a1” and the parameter RP2 to the verifying server (procedureT70). The verifying server 21100-1 reads the values of the password PWand the cipher number written to the verifying table 21100-2, andselects cipher function Ei and reads the password PW. Next, the cipherparameter RP is RP2=Ei(PW, TR) 11 TR, so the time random number which isto the latter half of the RP2 is used to calculate t=Ei(PW, TR). In theevent that the value of this temporary variable t calculated herematches the first half Ei(PW, T) of the received RP2, confirmation canbe made that the password PW entered into the terminal 21200-1 iscorrect. The time function TR includes the year/month/day (i.e.,TR=yy-mm-dd-sssss), so unauthorized access can be discovered in the casethat the received year/month/day does not match that time of processing.

Next, the verifying server 21100-1 reports the following items writtenin the verifying table 21100-2 to the connection server 21028-1(procedure T80): completion of roaming registration, billing class, andverifying server calling information (procedure T80). In the presentembodiment, the billing class is MNY=1, and the verifying server callinginformation is the ICS network address “7981” of the verifying server21100-1, port number “710” and administration number “1” of theverifying administration table. The connection server 21028-1 presentsthe domain name “c1.b1.a1.” to the domain name server, requests the ICSuser address and ICS network address associated with the domain name(procedure T90), and obtains the ICS user address “1200” and ICS networkaddress “8115” (procedure T100). In the same way, the connection serverpresents the domain name “c2.b2.a2.” to the domain name server, requeststhe ICS user address and the ICS network address associated with thedomain name (procedure T110), and obtains the ICS user address “2500”and the ICS network address “8200” (procedure T120).

Next, the connection server 21028-1 informs the conversion table server21026-1 of the following (procedure T130): the ICS network address“7800” of the ICS logic terminal which has input the ICS user packet(held in procedure T60); the ICS user address “1200”, ICS user address“2500”, and ICS network address “8200”, just obtained from the domainname server; and also the completion of roaming registration, billingclass, and verifying server calling information received from theverifying server 21100-1. The conversion table server 2120-6 writes thefour address to the conversion table 21023-1 as received. The value ofthe request identification is “10”, meaning the inter-corporationcommunication by roaming. The network identifier (NID) is “B001”. In theevent that the billing class is MNY=1, the ICS network address “8115”and the ICS user address “1200” just obtained from the domain nameserver are forwarded to the billing notification destination of theconversion table 21023-1. Also, in the event that the billing class isMNY=2, verifying server calling information is forwarded to the billingnotification destination of the conversion table 21013-1. Further, “5”which specifies the roaming connection period in days is also written tothe conversion table 21013-1. When the writing to the conversion table21023-1 is completed, the conversion table server 21026-1 reports theresults to the connection server 21028-1 (procedure T140). Thiscompletion report is sent via the access control apparatus 21020-1(procedure T150) to the roaming terminal 21200-1 with the ICS userpacket PK03 (procedure T160).

Now, the ICS user packet PK03 includes the ICS user address “1200”associated with the domain name “c1.b1.a1.” of the roaming terminal21200-1, and the CS user address “2500” associated with the domain name“c2.b2.a2.” of the other party of communication. The corporationoperating the access control apparatus can charge the owner of theroaming terminal 21200-1 for the above usage of the connection server21028-1, i.e., the procedures for receiving the ICS user packet PK02 upto returning the ICS user packet PK03, and “5” which specifies theroaming connection period in days. The above embodiment is an example ofthe network identifier (NID) “B001”, and is applied to closed-zonenetworks described in other embodiments. Also, as another embodiment,the network identifier (NID) may be set as “Open” and applied to anopen-zone network. In this case, the roaming technique is the same asthat of the aforementioned closed-zone network “B001”.

<<Using the Roaming Terminal>>

The roaming terminal 21200-1 can use the conversion table 21023-1created following the above-described procedures, to perform theinter-corporation communication the same as with that described in otherembodiments (procedures T170 through T220). In the event that “5” whichspecifies the roaming connection period in days elapses, the conversiontable server 21026-1 can delete the above roaming connection written inthe inside of conversion table 21023-1.

<<Notification of Billing>>

The access control apparatus 21020-1 notifies the billing notificationdestination registered in the conversion table 21023-1 of thecommunication charges (procedure T300 or T310).

<<Method for Accessing the Verifying Server>>

Of the above description, detailed description will be made regardingthe method for judging whether or not the verification request containedin the ICS network packet PK02 generated by the roaming terminal 21200-1due to the connection server 21028-1 presenting the domain name“c1.b1.a1.” to a plurality of verifying servers including verifyingserver 21100-1 is correct, i.e., whether or not the domain name“c1.b1.a1.” of the roaming terminal 21200-1 is registered with theverifying server.

An example of 4-layer hierarchy will be described with reference to FIG.173. A domain name “root” is provided on Level 1 of the tree, and domainnames “a1”, “a2”, “a3” . . . and so forth exist on Level 2 below, domainnames “b1”, “b2”, “b3” . . . and so forth exist on Level 3 below “a1”for example, and domain names “c1”, “c2”, “c3” . . . and so forth existon Level 4 below “b I” for example.

FIG. 149 illustrates the internal table 21102-2 of the verifying server21102-1 handling the domain “root”, indicating, e.g., that the ICSnetwork address of the domain name server 21101-1 which handles thedomain name “a1” below the domain name “root” is “7971”, and the portnumber is “710”. Also, FIG. 150 illustrates the internal table 21101-2of the verifying server 21101-1 handling the domain “a1”, indicating,e.g., that the ICS network address of the domain name server 21100-1which handles the domain name “b1” below the domain name “a1” is “7981”,and the port number is “710”. FIG. 151 illustrates the internal table21100-2 of the verifying server 21100-1 handling the domain “b1”,indicating, e.g., that the domain name “c1” below the domain name “b1”shows “YES” in the terminal space in the internal table 21100-2, meaningthat there are no more domain names below, and that in this example, thedomain name “c1.b1.a1” has been registered with the verifying server,and facts such that the password PW is “224691”, that the date ofexpiration is “98-12-31”, etc., are recorded therein

<<Calling Verifying Server>>

With reference to FIG. 152, description will be made regarding theprocedures in which the connection server 21028-1 calls the verifyingserver 21100-1 using the domain name “c1.b1.a1.”, and checks whether ornot the domain name “c1.b1.a1.” has been registered in the verifyingserver. Now, the connection server 21028-1 has therein the ICS networkaddress of the verifying server handling the domain “root” on Level 1shown in FIG. 153. Also, in the event that there is a great deal ofcommunication with the verifying servers which handle the Level 2 andLevel 3 domains, the ICS network addresses of the verifying serversthereof are held therein.

The connection server 21028-1 enters the domain name “c1.b1.a1.” in theinternal resolver 21029-1. The resolver 21029-1 sends the ICS packet21335-1 including “a1” under the domain name “root” and the cipherparameter RP2 to the verifying server 21102-1, and an ICS packet 21336-1including an ICS network address “7971” of the ICS domain name serverfor “a1” is returned. Next, the resolver 21029-1 sends an ICS packet21345-1 including “b1” to the verifying server 21101-1, and an ICSpacket 21346-1 including an ICS network address “7981” of the verifyingserver for “b1” is returned. Next, the resolver 21029-1 sends an ICSpacket 21355-1 including “c1” to the verifying server 21100-1, andregarding the domain name “c1”, the space for the endpoint of 21100-1 is“Yes” this time, so it can be judged that verifying information has beenregistered. In this way, “root”, “a1”, and “b1” have been followed inorder, so it can be understood that the verification information for thereversed domain name “c1.b1.a1.” is registered in the internal table21100-2.

The verifying server 21100-1 checks the received cipher parameter RP2,and checks that the expiration date “98-12-31” has not expired. Next,the verifying server 21100-1 reads the password PW and the value of thecipher number written in the verification table, and selects cipherfunction Ei. The cipher parameter RP is RR2=Ei(PW, TR)∥TR, so the timerandom number TR to the latter half of RP2 is used to calculate t=Ei(PW,TR). In the event that the value of this temporary variable t calculatedhere matches the first half Ei(PW, TR) of the received RP2, confirmationcan be made that the password PW entered into the terminal 21200-1 iscorrect. The above results are reported to the connection server21028-1. Consequently, the connection server 21028-1 can know theverification results (authorized or denied) and billing class MNY.

<<Other Embodiment of Roaming without a Home IP Terminal>>

In the above embodiment, in the event that the ICS receptionist 21271-1does not set a home IP terminal, the earlier-described “Registrationprocedures from home IP terminal” are performed via the user serviceserver 21250-1. In this case, the billing record “120” within theverifying table 21100-2 within the verifying server 21100-1, and theinformation “7981-710-1” of the verifying server presented to thebilling notification destination within the conversion table 21023-1,are used. <<Another embodiment of roaming wherein the verifying serveris included in the domain name server>>

The structure of the domain name tree shown in FIG. 153 that is theobject of verifying server 21110-1 is the same as the domain name treesthat are the object of domain name servers in other embodiments.Accordingly, each domain server is capable of storing the data of theverifying server described in the present embodiment, and include thefunctions of a verifying server. That is, this other method of carryingout roaming is realized by integrating the verifying server described inthe present embodiment with the domain name server described in otherembodiments.

<<Access Control Apparatus and IP Terminal Connecting with WirelessTransceiver>>

A wireless transceiver 21620-1 is provided within the ICS 21000-1, andthe wireless transceiver 21620-1 and a wireless transceiver 21640-1 canexchange information one with another via a wireless communication path21625-1. The terminal 21630-1 includes the wireless transceiver 21640-1,and as with the case of the earlier-described IP terminal 21200-1, theterminal 21200-2 has a function for the inter-corporation communicationusing an ICS domain name. There is an information communication path21620-1 between the access control apparatus 21020-1 and the wirelesstransceiver 21620-1. The information communication path 21610-1 is likethe ICS user logic communication line in that it has a function forsending and receiving ICS user packets, and these are different in thatthe information communication path 21610-1 is within the ICS 21000-1.The wireless transceiver 21620-1 and the wireless transceiver 21640-1both have a function for receiving ICS user packets, converting theinformation within the ICS user frame into ICS user packet informationin waveform format and transmitting them, and also reverse functions,i.e., receiving ICS user packet information in waveform format andreverse-converting into ICS packet format and transmitting these.Accordingly, the ICS user packet sent out from the IP terminal 21200-2passes through the wireless transceiver 21640-1, wireless communicationpath 21625-1, wireless transceiver 21620-1, and informationcommunication path 21610-1, and is provided to the access controlapparatus. Also, ICS frame sent out in the reverse direction, i.e., sentfrom the access control apparatus 21020-1 passes through the informationcommunication path 21610-1, wireless transceiver 21620-1, wirelesscommunication path 21625-2, wireless transceiver 21640-1, and isdelivered to the IP terminal 21200-2.

Thus, according to the present invention, administration of informationcommunication is performed with a unified address system, and variousservices can be provided, without using dedicated lines or the Internet,thus enabling structuring a large-scale communication system with highsecurity and with relatively low costs. Also, inter-corporationcommunication can be performed between individual corporations(including government organizations, universities, and so forth) whichhad conventionally been services separately with practically no changeto the address system for computer communications. Further, since thenetwork administrator holds the network control authority, the overalladministration of the network becomes clear, increasing ease of securingreliability and also markedly improving security.

1-16. (canceled)
 17. A communication system, wherein: a communicationnetwork includes access control apparatus and a server, said accesscontrol apparatus include a logical terminal, said logical terminal is alogical connection point of a communication line connected to a terminalout of said communication network and said access control apparatus, andsaid terminal is connected to said logical terminal by a communicationline out of said communication network, a terminal T1 is connected to alogical terminal R1 of an access control apparatus A1 via acommunication line L1, a terminal T2 is connected to a logical terminalR2 of an access control apparatus A2 via a communication line L2, andsaid access control apparatus A1, A2 and a server S are connected eachother by communication lines in said communication network, and saidterminal T1 sends a telephone number D2 of said terminal T2 to saidserver S via said communication line L1, said logical terminal R1 andsaid access control apparatus A1, said server S replies an ICS useraddress AD2 of said terminal T2 to said terminal, said terminal T1 sendsan ICS user frame of which a destination address is said ICS address AD2to said access control apparatus A1, said access control apparatus A1forms an ICS network frame including said ICS user frame and adiscriminating information to discriminate said logical terminal R2 andthen sends it to said access control apparatus A2, and said accesscontrol apparatus A2 restores said ICS user frame from said ICS networkframe and sends it to said terminal T2 via said logical terminal R2. 18.A communication system according to claim 17, wherein said accesscontrol apparatus A2 is connected to a private branch exchange, saidprivate branch exchange is connected to a public telephone network beingconnected to telephone machines, and a voice communication is carriedout between said terminal T1 and said telephone machines.
 19. Acommunication system according to claim 17, wherein said server is adomain name server, and said server S is a domain name server S.
 20. Acommunication system, wherein: a communication network includes alogical terminal and a server, said logical terminal is a logicalconnection point of a communication line connected to a terminal out ofsaid communication network and said communication network, and saidterminal is connected to said logical terminal by a communication lineout of said communication network, a terminal T1 is connected to alogical terminal R1 via a communication line L1, and a terminal T2 isconnected to a logical terminal R2 via a communication line L2, and saidterminal T1 sends a telephone number D2 of said terminal T2 to saidserver S via said communication line L1 and said logical terminal R1,said server S replies an ICS user address AD2 of said terminal T2 tosaid terminal T1, said terminal T1 sends an ICS user frame of which adestination address is said user ICS address AD2 to said logicalterminal R1, said communication network forms an ICS network frameincluding said ICS user frame and a discriminating information todiscriminate said logical terminal R2 and then sends it to said logicalterminal R2, and said communication network restores said ICS user framefrom said ICS network frame and sends it to said terminal T2 via saidlogical terminal R2.
 21. A communication system according to claim 20,wherein a voice communication is carried out between said terminals T1and T2.
 22. A communication system according to claim 20, wherein saidserver is a domain name server, and said server S is a domain nameserver S.
 23. A communication system, wherein: a communication networkincludes a logical terminal, a server and a domain name server, saidserver includes a resolver, said domain name server has a function tosearch an IP address by regarding a telephone number as a domain name, alogical terminal is a logical connection point of a communication lineconnected to a terminal out of said communication network and saidcommunication network, and said terminal is connected to said logicalterminal by a communication line out of said communication network, aterminal T1 is connected to a logical terminal R1 via a communicationline L1, and a terminal T2 is connected to a logical terminal R2 via acommunication line L2, and said terminal T1 sends a telephone number D2of said terminal T2 to said server S via said communication line L1 andsaid logical terminal R1, said resolver LB included in said server Ssends said telephone number D2 to a domain name server DNS, said domainname server DNS searches by regarding said telephone number D2 as adomain name and replies an ICS user address AD2 of said terminal T2 tosaid terminal T1, said terminal T1 forms an ICS user frame by using saidICS user address AD2 and a self ICS user address, and said terminal T1replied said ICS user frame to said terminal T2 via said logicalterminal R1, said communication network and said logical terminal R2.24. A communication system according to claim 23, wherein a voicecommunication is carried out between said terminals T1 and T2.
 25. Acommunication system, wherein: a communication network includes alogical terminal and a domain name server, said domain name server has afunction to search an ICS user address by regarding a telephone numberas a domain name based on inquiring with said telephone number and toreply, a logical terminal is a logical connection point of acommunication line connected to a terminal out of said communicationnetwork and said communication network, and said terminal is connectedto said logical terminal by a communication line out of saidcommunication network, a terminal T1 is connected to a logical terminalR1 via a communication line L1, and a terminal T2 is connected to alogical terminal R2 via a communication line L2, and said terminal T1sends a telephone number D2 of said terminal T2 to said domain nameserver DNS via said communication line L1 and said logical terminal R1,said domain name server DNS searches by regarding said telephone numberD2 as a domain name and replies an ICS user address AD2 of said terminalT2 to said terminal T1, said terminal T1 forms an ICS user frame byusing said ICS user address AD2 and a self ICS user address, and saidterminal T1 replied said ICS user frame to said terminal T2 via saidlogical terminal R1, said communication network and said logicalterminal R2.
 26. A communication system according to claim 25, wherein avoice communication is carried out between said terminals T1 and T2. 27.A communication system, wherein: a communication network includes adomain name server has a function to search an ICS user address byregarding a telephone number as a domain name based on a logicalterminal and an inquiring with said telephone number and to reply, aterminal T1 is connected to a logical terminal R1 via a communicationline L1, and a terminal T2 is connected to a logical terminal R2 via acommunication line L2, and said terminal T1 sends a telephone number D2of said terminal T2 to said domain name server, said domain name serverobtains an ICS user address AD2 of said terminal T2 by regarding saidtelephone number D2 as a domain name, said terminal T1 forms an ICS userframe by using said ICS user address AD2 and a self ICS user address,and said terminal T1 replied said ICS user frame to said terminal T2 viasaid communication network.
 28. A communication system according toclaim 27, wherein a voice communication is carried out between saidterminals T1 and T2.